Business email compromise (BEC) attacks target companies, rather than individuals, and appear to come from a colleague the person already knows. Requests can range from asking the victim to pay a new supplier to paying an invoice for a staff member.
These sophisticated attacks are similar to other phishing emails in that they impersonate someone else to gain data or money from the victim. However, the scammer puts in extra effort to be convincing in these instances.
Another significant difference between BEC scams and traditional phishing emails is that the latter are easier to identify. Traditional phishing emails feature spelling errors, noticeably fake email addresses and unknown senders.
BEC scammers take the time to research the company they wish to target, usually using social media sites to gain access to personal and work-related information. This allows them to easily mimic the way company employees communicate online.
Then, the scammer will buy a domain name that closely resembles that of the company they are targeting, with slight variations that may not be noticeable at first, such as an extra letter.
So how can business leaders keep their company safe from these attacks? For starters, having an email authentication protocol in place, such as Domain-based Message Authentication, Reporting, and Conformance (DMARC), can make it easier for BEC scams to be sorted into spam folders automatically.
Additionally, cybersecurity training that educates employees on the dangers of BEC attacks, how to identify them and what to do if they are targeted is essential to protecting your company.