BEC Attacks: What Are They & How Can You Protect Your Business?


BEC stands for Business Email Compromise, and it’s a type of attack that business owners should educate themselves about. Essentially, a BEC attack is a type of phishing scam. However, the cyber-criminal will not try to pass themselves off as some outside institution – instead they will try to impersonate an executive at your business. If you’re the manager or owner, it’s likely the person they will try to impersonate is you.

When performed successfully, a BEC attack tricks an employee into providing sensitive information, assuming that they are doing their job instead of compromising security. Luckily, there are several steps you can take to prevent BEC attacks from being successful.

Authenticate Your Email

There are plenty of ways to authenticate your email address, but as far as BEC attacks are concerned they all serve the same purpose. Domain spoofing is one of the most common BEC techniques, so make sure you authenticate your email and domain to prevent cyber-criminals from sending your team emails that appear to come from you.

Flag Common Keywords

Using strong email security software can dramatically reduce the risk of falling victim to a BEC attack, since it allows you to flag certain suspicious keywords. These may include ‘urgent’, ‘request’, and ‘payment’ – there are quite a few variations. Such emails won’t be deleted altogether, but they can be flagged to ensure whoever reads them exercises proper care.

Use Email Security Filters

While you’re adjusting your email security settings, think about setting up additional filters. You can set your email to spot newly registered domains, a step that will prevent all kinds of phishing attacks. You can even register domain names that are similar to yours, so that cyber-criminals cannot use them to impersonate you.
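The keyword flagging and similar-domain checks described in the two sections above can be sketched as follows. This is an added example, not code from any particular email security product, and it goes slightly beyond the text by checking the sender's domain for near-misses of your own. The domain `example.com`, the `X-BEC-Flags` header name, the `[CAUTION]` subject tag and the edit-distance threshold of 2 are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                   # assumption: your organisation's domain
KEYWORDS = ("urgent", "request", "payment")  # the keywords the article names

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss copies of our domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(raw: str) -> list[str]:
    """Return the reasons a message should be flagged (empty list = no flag)."""
    msg = message_from_string(raw)
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != OUR_DOMAIN and 0 < edit_distance(domain, OUR_DOMAIN) <= 2:
        reasons.append(f"lookalike sender domain: {domain}")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    hits = [k for k in KEYWORDS if re.search(rf"\b{k}\b", text)]
    if hits:
        reasons.append("keywords: " + ", ".join(hits))
    return reasons

def flag(raw: str) -> str:
    """Tag the subject instead of deleting, so the reader takes extra care."""
    msg = message_from_string(raw)
    reasons = review(raw)
    if reasons:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[CAUTION] " + subject
        msg["X-BEC-Flags"] = "; ".join(reasons)  # hypothetical header name
    return msg.as_string()

# Constructed sample messages (not real mail).
SPOOF = ("From: The Boss <ceo@examp1e.com>\nTo: accounts@example.com\n"
         "Subject: Urgent payment\n\nPlease wire the funds today.\n")
NORMAL = ("From: Pat <pat@example.com>\nTo: team@example.com\n"
          "Subject: Lunch on Friday\n\nPizza at noon.\n")
print(flag(SPOOF))
```

Keyword matches alone will also tag plenty of legitimate mail, which is why the message is delivered with a warning rather than dropped.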

Teach Awareness

You aren’t the target of BEC attacks, at least not directly. It’s your employees that cyber-criminals are going to set their sights on, and your employees might not even know what BEC attacks are. Provide security awareness training that covers common examples of all kinds of phishing emails, and make sure employees know they can bring any suspicious emails to your attention.
