Fraudsters don’t care how big or small your business is, you are a target. One wrong click in an email and the consequences can be dire.
In 2021, the Association of Financial professionals found that three-quarters of organizations were targeted by Business Email Compromise (BEC) attacks. Their success in deceiving organizations encourages them to continue. Take action now to educate your employees on these digital attacks and the precautions they can take to protect your business.
BUSINESS EMAIL COMPROMISE
Business Email Compromise occurs when a legitimate email account is either compromised or impersonated, and then used to order a transfer of funds. Fraudsters will often compromise one of the business’ officers and spend time monitoring their account for patterns and “out of office” messages. They’ll often wait until the officer is away to use the compromised email account to send payment instructions to another employee. While called ‘Email’ compromise, these attacks can also be by fax, phone call, or letter.
Here are a few tips to protect your business:
- Educate employees to recognize, question, and independently verify changes in payment instructions. Empower them to question the request, regardless of urgency or request for secrecy.
- Be old-fashioned! Verbally authenticate any changes via telephone.
- Review accounts frequently.
- Never provide username, password, account information, or authentication credentials when contacted.
- Avoid free web-based email accounts for business purposes.
Taking a couple of minutes to double-check can save a world of headache (and financial loss) for your business.
Fraudsters have also been known to impersonate vendors and payroll administrators to extract financial account information from employees. Aside from phishing for financial information, emails are also a dangerous delivery mechanism for Ransomware Attacks. One wrong click on a link or attachment, could install ransomware on a computer and business network. Keeping operating systems, anti-virus and anti-malware solutions up to date is important. Business owners should also ensure systems are regularly backed up on secure networks.
Nacha is the organization that governs the ACH network and provides numerous resources. You can download Nacha’s “Protecting Against Cyber Fraud” booklet to learn more about scams geared towards businesses and suggestions on how to protect your organization.