How To Prevent Business Emails From Being Hacked? It is reported that business email compromise scams have cost businesses more than $26 billion since mid-2016

By Remesh Ramachandran

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Remesh Ramachandran

Enterprise security is essential, and a compromised email system can seriously damage legitimate business interests. Safeguarding a company's finances and privacy will not only empower employees but also ensure business longevity.

Business email compromise (BEC) is a type of scam that targets companies by using email frauds. It is one of the growing security threats that is faced by businesses of all sizes. It is reported that the BEC scams have cost businesses more than $26 billion since mid-2016.

The BEC attackers rely on social engineering, phishing and fraudulent activities to trick unsuspecting employees. By impersonating financial officers and CEOs, cyber criminals try to trick victims into initiating money transfers into unauthorized accounts.

At present, BEC is ahead of ransomware, data breaches caused by hackers or employees, impersonation fraud, virus or malware infections, system failures or outages, physical loss of assets such as stolen laptops and all other types of claims.

Detecting BEC attacks

BEC attacks are very difficult to detect from a technical perspective. Even tech giant companies such as Google and Facebook cannot escape form a BEC attack. Both companies have lost an estimated $123 million to BEC attacks in 2017 alone.

How Google and Facebook lost millions

A Lithuanian man, Evaldas Rimasauskas posed as a vendor and sent invoices for computer equipment to the two Internet giants.

Rimasauskas registered and incorporated a company in Latvia using the same name as of a famous Taiwanese-based computer products vendor, to add credibility to the emails he sent to the two companies.

In the two-year long scam, he managed to convince Facebook and Google employees to transfer him millions of dollars. The scam was eventually detected and the funds were recovered. A good security awareness programme could have prevented the whole disaster.

BEC attack Red Flags

The prime targets for a BEC attack are always finance and payroll employees. Take a look at the nine red flags which an employee should look for.

● "Reply to' email address does not match "From' email address

● Vendor payment requests with new routing numbers and/or account numbers

● Vendor payment requests from a new email address

● Requests for wire transfers to a new account (a foreign account)

● Any "urgent' or "confidential' requests for payment

● Requests for payment at the end of the day or before weekend and/or holidays

● Requests for payment without justification

● Requests for payments of unusual or large amounts

● Requests for payment to a personal account

Also Read: 5 No-Brainer Tips to Avoid Getting Hacked

What are business email compromise scams?

BEC scams occur when an attacker impersonates a company stakeholder (usually an executive or vendor) and tricks your employees into transferring money to fraudulent accounts or sharing confidential information.

BEC attacks can be categorized into five types, they are:

Fake invoice scheme: Attackers issue a fraudulent invoice, usually impersonating a foreign supplier.

CEO fraud: Attackers pretend to be a company executive and demand an urgent wire transfer from a junior executive.

Account compromise: Attackers hack an employee's email account and requests payments from vendors.

Attorney impersonation: Attackers impersonate a lawyer or other official who handles confidential information and request more sensitive data from staff.

Data theft: Attackers target HR and accounting employees to steal sensitive data, including tax information. This data becomes useful in future BEC attacks.

Why are BEC attacks so successful?

BEC attacks are successful most of the time as they do not involve much technical knowledge. Even though there are many tools to protect the firms from attacks such as malware, it is difficult to detect a BEC attack easily.

However, there are some technical steps that can be taken to protect your company from BEC attacks.

Protection checklist

● Enable two-factor authentication for account logins

● Create visual indicators so emails from external addresses will be obvious to your staff

● Block auto-forwarding email capabilities to make it hard for attackers to hide

● Tighten your international wire transfer policies and include a wire transfer time delay

● Ask your finance team to verify vendor payment requests via phone

Also Read: How to Avoid One of the Biggest Email Hacking Threats

How to prevent BEC attack

The best way to prevent a BEC attack is to implement a security awareness programme in the company. Educate your employees about the working of a BEC attack. Make them aware of the attacks, empower them to recognize it and adopt better cybersecurity habits.

Remesh Ramachandran

CISO | Security Researcher | Ethical hacker

Remesh Ramachandran is an ethical hacker. He has solved several sophisticated cybercrime and real-world hacking cases, and has worked for the government and various other national and international agencies. Remesh is currently working as a CISO (Chief Information Security Officer) for an organisation.

Business Ideas

Is Your Business Healthy? Why Every Entrepreneur Needs To Do These 3 Checkups Every Year

You can't plan for the new year until you complete these checkups.

News and Trends

The Future Workforce: Gen Z and HR Professionals Differ on Importance of AI Skills

While 60% of Gen Z are taking charge of their futures through online courses, internships, and competitions as they believe outdated college curricula are the primary reason behind today's wide skill gap

Business News

'We're Not Allowed to Own Bitcoin': Crypto Price Drops After U.S. Federal Reserve Head Makes Surprising Statement

Fed Chair Jerome Powell's comments on Bitcoin and rate cuts have rattled cryptocurrency investors.

News and Trends

Haircare Brand Arata Raises $4M in Series A Funding Led by Unilever Ventures

The personal care brand competes with established players like WOW Skin Science, Pilgrim, and Mamaearth, in a rapidly growing market. This latest funding round highlights investor confidence in the brand's potential to scale and become a leader in India's haircare industry.

News and Trends

Building the Future: How AI and Real Estate are Joining Forces for Smarter Investments

In 2024, the Indian real estate market size is estimated to be USD 518.5 billion and is expected to reach USD 856 billion by 2029, at a CAGR of 8.71 per cent. Real estate is the most preferred asset class for investment for over 59 per cent of Indians

Science & Technology

This AI is the Key to Unlocking Explosive Sales Growth in 2025

Tired of the hustle? Discover a free, hidden AI from Google that helped me double sales and triple leads in a month. Learn how this tool can analyze campaigns and uncover insights most marketers miss.