Fake Boss Scam: Preventing a BEC Attack

Don’t answer that text or email! It is not unusual for you to receive a message from your boss. However, do not be quick to assume it is your boss contacting you, especially if the request is unusual, like a request to buy a bunch of gift cards. Scammers find out where you work and who your boss is and pose as the person in charge. Almost 1 out of 3 organizations (30%) state that more than 50% of links received via email lead to a malicious site. Be on guard and never share personal or company financial information with anyone, even within your organization. A Fake Boss Scam or other Business Email Compromise (BEC) attack can lead to a serious data breach.

Business Email Compromise Definition

Business Email Compromise (BEC) attacks are financially damaging. One wrong move and the organization is under attack. These attacks involve phishing emails that trick unsuspecting employees into performing tasks under the semblance of legitimate business. Although ransomware appears to be the most damaging phishing-related risk the organization faces, BEC attacks sneak up on you. There is a hidden danger in the rising, unpredictable tide of Fake Boss Scams and other BEC attacks.

BEC Scam Examples

Ready to see how dangerous BEC scams can get? One of the biggest known BEC scams is the Google and Facebook $100+ Million BEC scam. How were these tech giants vulnerable to such a substantial collective loss? In the early 2010s, a man named Evaldas Rimasauskas and multiple associates posed as a hardware company that was a known contact of Facebook and Google. The fraud involved setting up a series of fake invoices and contracts which falsely billed the two companies for millions of dollars.

Because BEC scams need little technical knowledge, keeping your data safe from suspicious behavior is crucial. Cybercrime has become more common, with 100+ billion spam emails sent daily. Forged documents are becoming harder to identify, and social engineering is becoming more sophisticated, all of which is becoming a terrifying threat to your company. What could happen to your business if two of the largest tech companies were victims of BEC attacks? Recognizing and preventing BEC attacks that target your company will save you from financial loss and reputational damage.

How to Prevent a BEC Attack

How do you protect your company against BEC damage? The easiest way to prevent most BEC attacks lies in a straightforward answer: multi-factor authentication. Adding additional security to your accounts will prevent scammers from infiltrating the business. A quick and easy setup through tech giants such as Apple, Google, and Microsoft will protect against 95% of BEC attacks.

Some other ways to prevent BEC attacks include:

  • Always double-check the sender’s email address. A fraudulent email address will have a domain ‘similar’ to the legitimate one but will not be the same. Check for a missing letter or an extra letter. For example, scammers may use ceo@exampl-company.com rather than the actual email address, ceo@example-company.com.
  • Verify any transfer of money or data. Train your employees to approve transactions or requests for confidential information only through proper processes. Your employees must be prepared to scrutinize the emails they receive.
  • Enable multi-factor authentication for all work credentials. Setting up multi-factor (also known as multi-step) authentication makes it more difficult for scammers to access data, making attacks on the company harder to carry out.

How to Recover from a BEC Attack

You answered the email or text and sent over the money. What do you do now? Panic? Quit? You should let your company know and suggest viable solutions ASAP! Attackers collect information over time on the target company. For a scammer to orchestrate an attack, it may take years of collecting data. You are vulnerable to so much out there.

  1. Contact the proper authorities. Contact the organization or platform the transaction occurred on. Alert the FBI by filing a complaint with the Internet Crime Complaint Center at www.IC3.gov.
  2. Run tests on all devices to detect malware. Scan both the infected and non-infected devices for malware. If malware is found, continue with the following steps.
  3. Stop the spread of malware. Follow safety and security protocols, including unplugging affected devices and keeping the recipients and everyone involved updated on your actions.
  4. Educate and train your employees. If your employees have not been trained or told what to do when a cybersecurity incident occurs, you may want to implement that training now.
  5. Develop security measures. Implement email and security solutions to prevent and reduce any future attacks. Contact FUSE3 to look at the potential solutions we offer.

How FUSE3 Can Help

Stop worrying about BEC scams today! FUSE3 works to protect, prevent, and eliminate threats that come at you by combining a knowledgeable team experienced in network support and technology. With BEC attacks posing a danger, you do not want an attacker to successfully breach your data. Add the security and Small Business IT Support Services you need without adding to your headcount!
