Business Email Compromise Best Practices

Before discussing business email compromise best practices, it is important to understand how BEC works. Knowing the fraudsters' tactics forms the basis for countermeasures that protect your business from theft. Their prime tools are spoofed and look-alike email addresses, and implementing email security measures can put you out of the scammers' reach. Here are some business email compromise best practices that can help you secure your data and finances.

Train users to spot common BEC scenarios and tactics

The first line of defense against business email compromise attacks is your employees. They can be either a formidable bulwark or the weakest link in your defenses against business email compromise attacks. The basic concept of a BEC attack is to social engineer employees into carrying out emailed instructions without double-checking.

Implement frequent awareness campaigns and simulated phishing drills to keep your employees alert to suspicious emails. Training must cover the telltale signs of email fraud, including spelling mistakes and poor grammar in the instruction emails, while making clear that well-crafted BEC messages often have neither. Emails with mismatched sender and reply-to addresses, unexpected links or attachments, or a pressing sense of urgency are likely fraudulent and must be treated with caution.
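The "mismatched addresses" and urgency signs described above can be checked mechanically at the mail gateway before a user ever sees the message. The script below is an added example, not code from the original article or from any product: it parses a raw message with Python's standard email library and flags display-name impersonation of a known executive, a Reply-To domain that differs from the From domain (replies silently go to the attacker), and urgency wording. The company domain, executive list, word list and the two sample messages are all constructed for the example.

```python
"""Flag common BEC red flags in a message's headers and text (added example)."""
import email
from email import policy
from email.utils import parseaddr

# Constructed sample data: a hypothetical company domain and its executives.
OUR_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",  # hypothetical CEO
    "sam lee": "sam.lee@example.com",    # hypothetical CFO
}
# Words that, in a payment-related mail, signal pressure to act without checking.
URGENCY_WORDS = ("urgent", "immediately", "asap", "right away", "wire")


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is no '@'."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_red_flags(raw_message: str) -> list:
    """Return human-readable red flags found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display-name impersonation: an executive's name on an address that is not theirs.
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        flags.append(f"display name '{from_name}' is an executive but address is {from_addr}")

    # 2. Reply-To pointing at another domain: the conversation is hijacked on reply.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        flags.append(f"Reply-To {reply_addr} does not match From domain {from_domain}")

    # 3. Urgency language in subject or body.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        flags.append("urgency wording: " + ", ".join(hits))

    return flags


# Constructed sample messages (hypothetical addresses).
SPOOFED_MESSAGE = """\
From: Jane Doe <jane.doe.ceo@webmail.example>
Reply-To: jd-office@webmail2.example
To: ap@example.com
Subject: Urgent request
Content-Type: text/plain; charset=utf-8

I am in a meeting and cannot talk. Please wire 48,500 USD to the vendor
account below immediately and confirm by replying to this email.
"""

LEGIT_MESSAGE = """\
From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Q3 budget summary
Content-Type: text/plain; charset=utf-8

Please send me the Q3 budget summary when you have a moment. Thanks, Jane
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGIT_MESSAGE)):
        print(name, "->", bec_red_flags(raw) or "no flags")
```

In practice the executive list comes from the directory and the check runs as a gateway rule that tags the message or routes it for review; the heuristics are deliberately simple so that each flag maps to one thing the user training teaches.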

Define a clear internal policy and procedure covering payments to external parties, walk employees through it, and allow no exceptions. Any email instruction purportedly from the CEO or CFO to transfer funds with unusual urgency must be confirmed by calling the executive on a number already known to you, never one supplied in the email, before acting.

Before action, verify

Business email compromise fraudsters use social engineering to prepare the target employee before they strike. One tactic is to create a false sense of appreciation, with a possible reward attached; the other is to urge speedy action for the sake of the business. An employee socially engineered this way feels special and moves fast to do the bidding of the supposed superior without further scrutiny.

Payment office employees, including the CFO, must always double-check payment instructions relayed via email. Even a CFO can fall victim to an email, supposedly from a supplier, asking to change payment account details when it actually comes from fraudsters who have spoofed or taken over the supplier's mailbox.

BEC fraudsters' secret weapon is to allow the target employee no time to think, and they may quickly follow up the urgent email with a phone call. The employee should end the call and ring the presumed caller back on a number held on file or in the company directory, never the one given in the email or by the caller.

Install email security technology

Even the best-trained employees will occasionally miss the red flags and fall victim to business email compromise tactics. Protect employees from these social engineering tactics by deploying filtering technology that screens email before it reaches users' inboxes. When only a few suspicious or malicious emails slip through the filters, employees are not overwhelmed and are less likely to make rushed decisions.

Security measures such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) can reduce the incidence of BEC attacks that spoof your own domain. SPF publishes in DNS the IP addresses authorized to send mail on behalf of your domain, so a receiving server can reject a message whose envelope sender claims your domain but arrives from an unauthorized host. SPF covers only your exact domain: it does nothing against look-alike domains that the attacker registers and controls, which need a separate check.

DKIM adds a cryptographic signature to outbound email, verifiable against a public key published in your DNS, so recipients can confirm the message was sent by your infrastructure and not altered in transit; a spoofed BEC email cannot carry a valid signature for your domain. DMARC ties the two together: it is a DNS policy you publish telling receivers what to do with mail claiming to be from your domain that fails both aligned SPF and aligned DKIM (none, quarantine, or reject) and where to send aggregate reports. A policy of p=none blocks nothing, so start there only to gather reports and then move to p=quarantine and p=reject. These records protect others from mail spoofing your domain; to benefit on inbound mail, your own gateway must evaluate SPF, DKIM and DMARC for the domains sending to you.
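To make the alignment and policy logic concrete, here is an added example, not code from the original article or from any mail product, of what a receiving server does once SPF and DKIM have been checked: look up the _dmarc record of the From-header domain, test whether the authenticated identifiers align with that domain, and apply the published policy. The DNS records, domains and message results are constructed for the example; the organizational-domain function is simplified to the last two labels (real receivers use the Public Suffix List), and the SPF and DKIM verification results are assumed to have been produced already. The p=none record is included to show the weak setting beside the enforcing one, and the look-alike domain shows the case DMARC cannot catch.

```python
"""Evaluate DMARC for a received message, offline, against constructed DNS records."""
from typing import Optional

# Constructed sample DNS TXT records (hypothetical domains, not real zones).
ZONE = {
    # SPF: only this network may send mail with example.com as the envelope sender.
    "example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    # DKIM public key the receiver fetches to verify signatures made with s=selector1.
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=<placeholder base64 key>",
    # Enforcing DMARC policy with strict alignment: reject unauthenticated spoofs.
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com",
    # Weak configuration, shown for contrast: monitoring only, nothing is blocked.
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    # A look-alike domain registered by an attacker, who can configure it correctly.
    "_dmarc.examp1e.com": "v=DMARC1; p=reject",
}


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into tag=value pairs, with the RFC 7489 defaults."""
    tags = {"p": "none", "adkim": "r", "aspf": "r"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption:
    real receivers consult the Public Suffix List for cases like co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict (s) needs an exact match, relaxed (r)
    accepts any subdomain of the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(from_domain: str, spf_result: str, spf_domain: Optional[str],
                   dkim_result: str, dkim_domain: Optional[str], zone=ZONE) -> tuple:
    """Return (dmarc_result, disposition) for a message's RFC5322.From domain.

    spf_domain is the envelope sender (MAIL FROM) domain SPF was checked for;
    dkim_domain is the d= tag of a signature that verified.
    """
    record = zone.get("_dmarc." + from_domain.lower())
    if record is None:
        return ("none", "accept")  # no policy published: nothing to enforce
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "accept")
    disposition = {"none": "accept", "quarantine": "quarantine", "reject": "reject"}
    return ("fail", disposition.get(tags["p"], "accept"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains DMARC cannot catch."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, own_domain: str, max_distance: int = 2) -> bool:
    """True when a sender domain is close to, but not equal to, one of ours."""
    d, o = domain.lower(), own_domain.lower()
    return d != o and edit_distance(d, o) <= max_distance


if __name__ == "__main__":
    # Legitimate mail: envelope sender and DKIM d= both equal the From domain.
    print(dmarc_evaluate("example.com", "pass", "example.com", "pass", "example.com"))
    # Spoof: the attacker's own bounce domain passes SPF, but it is not aligned.
    print(dmarc_evaluate("example.com", "pass", "bounce.attacker.example", "none", None))
    # The same spoof against a p=none domain is still delivered.
    print(dmarc_evaluate("weak.example", "pass", "bounce.attacker.example", "none", None))
    # A look-alike domain passes DMARC on its own merits; only a separate check catches it.
    print(dmarc_evaluate("examp1e.com", "pass", "examp1e.com", "pass", "examp1e.com"),
          is_lookalike("examp1e.com", "example.com"))
```

The second and third calls are the point of the exercise: the attacker's message passes SPF for their own bounce domain, which is why alignment with the From domain, not a bare SPF pass, is what DMARC enforces, and the same failing message is delivered anyway when the domain only publishes p=none.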

Implement strict procedures for wire transfers

Wire transfer is the method fraudsters prefer for quick and hard-to-trace extraction of funds from their victims. If successful, money moves within minutes from the victim's account to the criminal's collection account and onward through further accounts before anyone is any the wiser. The best protection against this is to implement rigorous processes for wire transfers that must be followed diligently regardless of the urgency claimed.

Any request to change payment details or the payment method must not be acted on from email alone but verified through another channel already established with the party involved. Call your supplier or client back on a number you already have on file, not one given in the email, and reconfirm that they really did change their account details before moving any cash.

There should be an established window within which invoices are paid, and any request outside this standard should be flagged for further scrutiny. Require more than one employee to approve and execute any wire transfer, so that no single person can be pressured into releasing funds. Implement supporting processes for internal verification of payment requests that do not rely on email.

Install malware protection

Alongside email security measures that you may have implemented, consider installing malware protection. A successful business email compromise fraud depends on the information the criminals can mine from the target business. The scammers need to know your suppliers, business associates, attorneys, the names of your high-level executives and payments staff, and your internal communication protocols.

This information can be gathered long before the actual hit through spyware quietly installed on your systems via Trojanized email attachments. By installing and keeping up to date malware protection such as anti-spyware and anti-virus on your systems, you minimize the risk of infection and its consequences. Attackers also gather the same information by phishing mailbox credentials and reading the mail directly, so multi-factor authentication on email accounts is part of the same defense.

How to mitigate a BEC attack

If, after you have just completed a transaction, you realize it could have been a business email compromise attack, move fast to limit the damage. Immediately contact your bank to request a recall of the transfer, since the chance of recovery falls sharply with every hour, and inform your cybersecurity team so they can start an investigation. Tell the other members of staff whose authority you relied on when acting on the BEC email.

Report the scam to law enforcement for further investigation. Meanwhile, give your bank detailed information about what happened and work together to protect your business's financial accounts. Change the credentials for the communication channels and financial accounts involved, and check the affected mailboxes for forwarding rules or delegates the attacker may have added, since a compromised mailbox is often how the fraudsters gathered their information. Finally, carry out a forensic review of your systems and processes and strengthen them where the review finds gaps.