Business Email Compromise
Business Email Compromise (BEC) is widespread and successful because:
1) people unfortunately fall for the scam and
2) criminals are making a lot of money.
BEC is usually either someone pretending to be you or someone who has hacked your email system.
Someone pretending to be you
Someone pretending to be you may send your customers fake invoices from a similar email address. Your customer doesn’t realise the sender is different and they pay the bill into the wrong account. Your customer loses the money and you probably don’t get paid quickly as a result.
Someone has hacked your email system
Your email system may be compromised when you or another user gives away an email password to a fake website. The hacker now has control of your email and sends fake invoices to your customer, but from your email address. Your customer pays into the wrong bank account. You lose the money, as you are the one who was compromised.
Don’t want to lose thousands of dollars?
- Ensure MFA is set up on your email account and on all staff email accounts.
- Don’t reuse the same password over and over. Use a password manager like LastPass.
- Educate your users. We have training courses and simulations we can send to your staff.
Receiving Invoices
Received an invoice recently from a supplier that has asked you to pay into a different bank account? Don’t pay it.
Instead call the supplier on their known trusted phone numbers and have a conversation. Don’t respond to the email.
Sending Invoices
Sending invoices to new clients? Give them a call. Tell them you are about to send them an invoice. Ask them to verify the bank account details with you over the phone.