According to the FBI, BEC, or Business Email Compromise, is a 1.3 billion dollar industry. Think your business or non-profit is too small to get attacked? Think again.
A few days ago, we were the subject of a typical BEC attack. Fortunately, our Treasurer is security-aware! Here’s what the email looked like.
Detecting and Preventing Compromise
There are several ways to protect against this attack. Among them:
- Verify the email by picking up the phone and calling the sender using a known good number.
- Require dual authorization for wire transfers over a specific amount.
- Add a special tag to email (such as [EXTERNAL]) for email coming from the Internet.
- If the email includes a domain name, is it a slight misspelling of yours? Have you considered registering variations of your own domain name?
- Does the email include a sense of urgency, a lack of specificity, misspellings or a different reply-to address?
- Is the email arriving at a time when the supposed sender is unavailable? Bad guys have been known to troll social media looking for publicly-shared hints of schedules.
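Several of the checks above can be automated at the mail gateway or in a triage script. The following is an added example, not code from this post: it flags external senders, near-miss spellings of your domain, a differing reply-to address, and urgency wording. The domain `ourcharity.example`, the keyword list, the edit-distance threshold of 2, and the sample message are all assumptions made for illustration.

```python
import email
from email.utils import parseaddr

OUR_DOMAIN = "ourcharity.example"   # assumption: placeholder for your own domain
URGENCY = ("urgent", "asap", "immediately", "right away", "today")  # assumed list

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of OUR_DOMAIN."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def addr_of(header_value):
    """Return the bare, lower-cased address from a From/Reply-To header."""
    return parseaddr(header_value or "")[1].lower()

def bec_flags(raw):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    sender, reply_to = addr_of(msg["From"]), addr_of(msg["Reply-To"])
    domain = sender.rpartition("@")[2]
    flags = []
    if domain != OUR_DOMAIN:
        flags.append("external")            # candidate for an [EXTERNAL] tag
        if edit_distance(domain, OUR_DOMAIN) <= 2:
            flags.append("lookalike-domain")
    if reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg['Subject'] or ''} {body}".lower()
    if any(word in text for word in URGENCY):
        flags.append("urgency")
    return flags

# Constructed sample message (not the email this post describes).
SAMPLE = """\
From: "Pat Director" <pat@ourchar1ty.example>
Reply-To: pat@freemail.example
To: treasurer@ourcharity.example
Subject: Wire needed

Are you at your desk? I need a wire sent out today. I'm in meetings, email only.
"""

if __name__ == "__main__":
    print(bec_flags(SAMPLE))
```

A flagged message still needs the phone call to a known good number; the script only decides which messages get that extra scrutiny.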
A little bit of awareness goes a long way.