How to protect yourself from the rising threat of business email compromise
Authored by Aviva
Often referred to as ‘CEO fraud’, business email compromise (BEC) is a cyber threat that’s on the rise, costing businesses billions. Relying on email ‘imitation’, hackers deceive employees into transferring funds or confidential personal data in response to what they believe to be a legitimate request. How can you and your clients stay vigilant against BEC?
The rising threat of BEC
According to a report last year, over 6,000 businesses are targeted every month by BEC fraud, with the UK being the second most targeted region (26%) behind the US (39%).
BEC is a complex and targeted form of email fraud. Unlike some phishing scams that involve sending a generic message to thousands of accounts hoping for ‘a bite’, BEC involves thorough research. Hackers need to identify the individuals likely to action their type of request and who within the business would typically make the demand.
Once the victim is found, hackers will craft a believable email that tries to convince the targeted individual to transfer funds outside of the organisation, or that requests personal data such as PAYE forms and P45s.
Although BEC is referred to as ‘CEO fraud’, emails are made to look as though they come from an individual you would commonly have contact with, so that they feel as genuine as possible. That could be someone in your team, a line manager, a Chief Financial Officer (CFO) or similar.
Don’t assume that your business is ‘too small’ to be targeted by cyber scams. While the attacks on the large multinational organisations might make the evening news, SME businesses are just as at risk as the large ones – we’ve recently seen a rise in cyber scams impacting insurance brokers.
How can you and your clients stay vigilant against the threat of BEC?
- Double-check the validity - If the request seems odd, or you’re unsure about the validity, check with the ‘requestor’ on the phone or in person to make sure it’s genuine, especially if the request is outside the normal line of enquiry.
- ‘Keep it between us’ - If you’re asked to keep the request confidential or to communicate only via email, you should be wary – this is a common tactic used by hackers.
- Lookalike domains - Check the ‘reply-to’ email address. A lookalike domain will be used to try and fool recipients at first glance. Make sure you double-check that the reply address is consistent with that of your organisation.
Other things to look out for:
- Does the email from the sender seem like their normal ‘email style’? Check for commonalities in tone or grammar.
- Did the email arrive in the early hours of the morning or at an unusual time?
- Was it vague, containing only attachments – or did the email contain an attachment when you weren’t expecting one?
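Several of the checks above (reply-to address, lookalike domain, unusual send time, a request for secrecy) can be automated as a first-pass triage of a suspicious message. The following is an added example, not Aviva's code; the organisation domain, working hours, secrecy phrases and the edit-distance threshold of 2 are all assumptions, and the sample email is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

ORG_DOMAIN = "example-brokers.co.uk"   # assumption: your organisation's domain
WORK_HOURS = range(7, 19)              # assumption: 07:00-18:59 is a normal send time
SECRECY = re.compile(r"confidential|between us|only (by|via) email", re.I)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_red_flags(raw_email):
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) or from_dom
    flags = []
    if reply_dom != from_dom:
        flags.append("reply-to-differs-from-sender")
    for dom in {from_dom, reply_dom}:
        # Close to, but not equal to, the real domain: likely a lookalike.
        if dom != ORG_DOMAIN and edit_distance(dom, ORG_DOMAIN) <= 2:
            flags.append(f"lookalike-domain:{dom}")
    # Hour is taken in the sender's stated time zone.
    if msg["Date"] and parsedate_to_datetime(msg["Date"]).hour not in WORK_HOURS:
        flags.append("unusual-send-time")
    body = msg.get_payload()
    if isinstance(body, str) and SECRECY.search(body):
        flags.append("asks-for-secrecy")
    return flags

# Constructed sample (not a real email); note the digit "1" in the Reply-To domain.
SAMPLE = """\
From: Jane Doe <jane.doe@example-brokers.co.uk>
Reply-To: Jane Doe <jane.doe@examp1e-brokers.co.uk>
Date: Tue, 15 Sep 2020 03:12:00 +0100
Subject: Urgent payment

Please keep this confidential and reply only by email.
"""
if __name__ == "__main__":
    print(bec_red_flags(SAMPLE))
```

A clean result does not make a payment request genuine: the From header itself can be forged, so the phone or in-person check still applies.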
In summary, BEC is a researched and targeted type of email fraud that utilises ‘imposter’ imitation tactics to make the recipient believe they’re dealing with a genuine request. To protect yourself against BEC, always double-check the validity of emails relating to transferring funds or personal data, look out for red flags like poor grammar or unusual send times, and check for inconsistent reply-to addresses.