Protect Your Business from Email Compromise Scams

Business email compromise (BEC) scams are on the rise, and they can be incredibly damaging to your business. While phishing is a well-known cyber threat, BEC takes it a step further. Cyber criminals use phishing techniques to steal sensitive information, such as login and financial details, and then use that information to impersonate you, your staff, or your business itself.
BEC scams often involve criminals posing as trusted entities, like large corporations or business partners, to access confidential details and carry out fraudulent activities. In this article, we’ll explain how to spot these scams and what steps to take to protect your business.
How Cyber Criminals Are Tricking Businesses
In BEC scams, criminals often impersonate business owners or staff members to send fake invoices, supplier requests, or other fraudulent communications. They may copy your company’s logos and email signatures, or even hack into your email account, to commit their crimes. Because these scams are so convincing, they can easily trick employees or customers into revealing sensitive information or making fraudulent payments.
What to Do If You’ve Been Targeted
If you suspect that your business has been compromised by a BEC scam, it’s essential to act quickly:
- Report the Incident: If your email account has been hacked, report the issue to ReportCyber.
- Notify Your Staff and Clients: Inform your team and clients about the breach so they can stay vigilant for any suspicious emails or requests from your account.
- Alert Your Email Provider: Notify your email provider about the breach to help prevent further damage.
- Contact Your Bank: If you’ve made a payment to a fraudulent account, contact your bank or financial institution immediately to report the scam.
Securing Your Accounts
If your email account has been compromised, follow these steps to secure it:
- Run Security Software: Your email provider may recommend running anti-virus and anti-malware software to check your devices for malicious activity.
- Change Your Password: Choose a strong, unique password and enable multi-factor authentication to add an extra layer of security to your account.
Using Secure Payment Methods
BEC scams targeting payments cost Australian businesses a significant amount. In 2021 alone, these scams were estimated to have cost $227 million, according to the ACCC. One way to protect your business is by using PayID, a free payment system that helps reduce the risk of scammers intercepting your invoices and altering payment details.
PayID allows payments to be made using a mobile number or email address, rather than a BSB and account number. Before the payment is confirmed, a confirmation screen shows the intended PayID name, making it harder for scammers to go unnoticed.
Educate Your Team
It’s essential to educate your employees about the signs of BEC scams. Make sure they are on the lookout for:
- Sudden changes to bank account details in invoices
- Urgent payment requests or threats
- Unusual payment requests or messages from internal team members (whose accounts may have been compromised)
- Emails that seem suspicious or unprofessional
Stay Vigilant for Suspicious Communications
If you receive any suspicious messages, it’s important not to act on them immediately. Contact the sender directly using verified contact details, such as those on their official website or business card. If you receive an invoice with altered payment details, call your supplier using their official phone number to confirm the change. They may have been targeted by hackers, and their account details could have been altered before the invoice was sent to you.
Conclusion
BEC scams are a serious threat to businesses, but by staying vigilant, educating your team, and using secure payment methods, you can protect your business from these types of cyber attacks. The key is to take swift action if you suspect a compromise and to implement robust security measures to prevent future incidents.