It doesn’t always take a complicated malware or ransomware attack to break your business. Sometimes it’s as easy as someone sending you an email and pretending they have authority over you. Compromising a business email is one of the most common and easy hacking attacks to pull off, so you should be aware of how to put a stop to it.
Other threats might require technical skills to pull off, but BEC is not one of them. BEC is when a hacker or scammer convinces the user that they are someone within the organization with authority, like an executive or administrator, and asks them for funds. The worst part is that these requests actually work a lot of the time.
The FBI estimates that BEC attacks have cost businesses more than $43 billion, and the number is on the rise. Companies in at least 177 countries have reported BEC attacks, so it’s an international problem.
The biggest thing to keep in mind is that it’s remarkably easy for a hacker to research your organization, look into who might be a good target, and spoof an email address. Social engineering tactics like these can pay off for hackers with relatively limited time investment.
More dangerous types of BEC do exist, and they can generate even more revenue for hackers. Hackers can effectively break into legitimate email accounts for an executive or administrator with the intention of finding legitimate reasons to contact people. The convincing request, therefore, appears to be authentic, and an eager employee might jump the gun and fulfill the request without thinking about it.
Like with most cybersecurity-related issues, we recommend you take two different approaches that work in tandem with each other to keep your business safe. First, implement the best security tools out there that protect your network from the myriad of threats out there. Second, train your team on how to identify and address potential threats. Don’t just do it at the time of hire, either; make sure you reinforce it over time.
OnSite I.T. can help your business ensure that it’s as best protected from cyberthreats as possible. To learn more, call us at (403) 210-2927.
Comments