Get All Access for $5/mo

How To Prevent Business Emails From Being Hacked? It is reported that business email compromise scams have cost businesses more than $26 billion since mid-2016

By Remesh Ramachandran

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Remesh Ramachandran

Enterprise security is essential, and a compromised email system can seriously damage legitimate business interests. Safeguarding a company's finances and privacy will not only empower employees but also ensure business longevity.

Business email compromise (BEC) is a type of scam that targets companies by using email frauds. It is one of the growing security threats that is faced by businesses of all sizes. It is reported that the BEC scams have cost businesses more than $26 billion since mid-2016.

The BEC attackers rely on social engineering, phishing and fraudulent activities to trick unsuspecting employees. By impersonating financial officers and CEOs, cyber criminals try to trick victims into initiating money transfers into unauthorized accounts.

At present, BEC is ahead of ransomware, data breaches caused by hackers or employees, impersonation fraud, virus or malware infections, system failures or outages, physical loss of assets such as stolen laptops and all other types of claims.

Detecting BEC attacks

BEC attacks are very difficult to detect from a technical perspective. Even tech giant companies such as Google and Facebook cannot escape form a BEC attack. Both companies have lost an estimated $123 million to BEC attacks in 2017 alone.

How Google and Facebook lost millions

A Lithuanian man, Evaldas Rimasauskas posed as a vendor and sent invoices for computer equipment to the two Internet giants.

Rimasauskas registered and incorporated a company in Latvia using the same name as of a famous Taiwanese-based computer products vendor, to add credibility to the emails he sent to the two companies.

In the two-year long scam, he managed to convince Facebook and Google employees to transfer him millions of dollars. The scam was eventually detected and the funds were recovered. A good security awareness programme could have prevented the whole disaster.

BEC attack Red Flags

The prime targets for a BEC attack are always finance and payroll employees. Take a look at the nine red flags which an employee should look for.

● "Reply to' email address does not match "From' email address

● Vendor payment requests with new routing numbers and/or account numbers

● Vendor payment requests from a new email address

● Requests for wire transfers to a new account (a foreign account)

● Any "urgent' or "confidential' requests for payment

● Requests for payment at the end of the day or before weekend and/or holidays

● Requests for payment without justification

● Requests for payments of unusual or large amounts

● Requests for payment to a personal account

Also Read: 5 No-Brainer Tips to Avoid Getting Hacked

What are business email compromise scams?

BEC scams occur when an attacker impersonates a company stakeholder (usually an executive or vendor) and tricks your employees into transferring money to fraudulent accounts or sharing confidential information.

BEC attacks can be categorized into five types, they are:

Fake invoice scheme: Attackers issue a fraudulent invoice, usually impersonating a foreign supplier.

CEO fraud: Attackers pretend to be a company executive and demand an urgent wire transfer from a junior executive.

Account compromise: Attackers hack an employee's email account and requests payments from vendors.

Attorney impersonation: Attackers impersonate a lawyer or other official who handles confidential information and request more sensitive data from staff.

Data theft: Attackers target HR and accounting employees to steal sensitive data, including tax information. This data becomes useful in future BEC attacks.

Why are BEC attacks so successful?

BEC attacks are successful most of the time as they do not involve much technical knowledge. Even though there are many tools to protect the firms from attacks such as malware, it is difficult to detect a BEC attack easily.

However, there are some technical steps that can be taken to protect your company from BEC attacks.

Protection checklist

● Enable two-factor authentication for account logins

● Create visual indicators so emails from external addresses will be obvious to your staff

● Block auto-forwarding email capabilities to make it hard for attackers to hide

● Tighten your international wire transfer policies and include a wire transfer time delay

● Ask your finance team to verify vendor payment requests via phone

Also Read: How to Avoid One of the Biggest Email Hacking Threats

How to prevent BEC attack

The best way to prevent a BEC attack is to implement a security awareness programme in the company. Educate your employees about the working of a BEC attack. Make them aware of the attacks, empower them to recognize it and adopt better cybersecurity habits.

Remesh Ramachandran

CISO | Security Researcher | Ethical hacker

Remesh Ramachandran is an ethical hacker. He has solved several sophisticated cybercrime and real-world hacking cases, and has worked for the government and various other national and international agencies. Remesh is currently working as a CISO (Chief Information Security Officer) for an organisation.

News and Trends

Tech Burner's Anarc Smartwatch Achieves INR 3 Cr Sales with USD 1 Mn Investment

Anarc features a patented octagonal design by Thought Over Design and Seymourpowell, with a medical-grade stainless steel body. It includes advanced technology like a Hisilicon chipset, AMOLED display, and seven-day battery life.

Diversity

5 Ways You Can Create a More Inclusive Workplace Immediately -- and Why You Should

The more diversity you bring to your team, the greater your chances of finding groundbreaking insights and solutions.

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Marketing

4 Neuromarketing Hacks to Reach More People and Maximize Results

You don't need to be a neuroscientist or have a big budget to start upping your conversions immediately.

News and Trends

Fintech Start-Up CredFlow Secures $3.7M Pre-Series B Funding

CredFlow said that the funding proceeds will go towards "optimizing and scaling the startup's financial services and lending verticals, as well as towards improving its tech and innovation capabilities."

News and Trends

Insurtech Player Zopper Raises $25M in Series D Funding

With 40 insurance companies and 2500+ ecosystem players, Zopper will utilize the fresh capital to ramp up digital infrastructure, by strengthening its Insurance Distribution platform