As any business owner and IT security specialist knows, email scams are rife. And when it comes to businesses, these scams can be especially dangerous as they aim to defraud your company, steal from your accounts, and even use your company accounts to defraud suppliers and other third parties. A successful attack on your business can cost thousands or millions of dollars – and damage your reputation. With this in mind, here’s how to detect a business email compromise (BEC) scam and keep your company safe.
#1 – The bogus invoice
This occurs when a business in your supply chain has been compromised. The hackers will send you a legitimate invoice from a legitimate account in an effort to defraud you. This will be a completely authentic communication, which makes it very difficult to detect, especially if you are used to paying invoices from that vendor. You should always check that the account information is the same as what you have on record, and check that the vendor is actually due to be paid. You can always call the vendor to double-check on their side.
#2 – CEO fraud
Here, hackers pretend to be your CEO or another high-level executive and target accountants, CFOs, or anyone in charge of making payments. There will be a request for a payment to be made – urgently – on the executive’s behalf to an account that is controlled by the hackers. Often, the request will use urgent or intimidating language to force the person to act quickly before they think twice. Any unusual payment requests must be confirmed by direct interaction with the person, so staff in these positions must be encouraged to think critically and call the person concerned directly. It takes just a few seconds and can save thousands of dollars.
#3 – Too good to be true
In these emails, an offer comes through that is exceptional, offering a reward or limited-time incentive. This is a case where it pays to be cynical, as the links usually contain malware that can infect your system, or they are requesting information that can be used to compromise the email account and commit large-scale fraud. Even if it has come from a recognised sender, it’s not to be trusted as their account may have been compromised. Always verify an email like this independently by calling the sender in person, or simply delete it.
How to protect your business
At Otto, a leading managed services provider in Melbourne, we’re here to help protect your business against scams, cyberattacks, and malicious actors. We recommend that you install good anti-spam software, implement multifactor authentication on your work and personal devices, and train your staff to recognise dangerous emails and act accordingly. These simple yet effective scams are on the rise and the wrong click can be devastating to your business, so we’re here to help you turn your weaknesses into a strong defence against email scams. Chat to us about IT security measures and staff training that will effectively protect your business.