BEC Scams Skyrocket Due to Surge In Work From Home

July 31, 2020

Never ones to miss taking advantage of a crisis, hackers are in high gear targeting the influx of employees now working from home. The Better Business Bureau (BBB) finds a strong correlation between the number of coronavirus adjustments we’ve had to make and the dramatic increase in cyber scams. Security experts warn there may be historic levels of fraudulent activity using coronavirus-themed email phishing attacks. Barracuda Networks finds a 667% growth in these attacks since the end of February. In addition to the spike in fraudulent emails targeting the general public, the BBB warns that the dramatic increase in the number of employees now working from home brings its own cybersecurity concerns, especially with BEC (business email compromise).

BEC scams are fraud schemes specifically targeting industries and their employees. The goal of BEC fraud is simple: get wire transfers sent into a hacker’s account via fraudulent requests. A BEC is typically a phishing email that targets specific employees and is designed to impersonate a financial request from a company executive or outside contractor. Employees directly involved with accounting or finance who approve and generate wire transfers are a particularly ripe target. Verifying a wire transfer is key to avoiding BEC, but bad actors hope doing so is more difficult when working from home. Spotting a BEC attempt before it’s too late is surely possible, but it takes awareness and education to do so. Listed below are tips to help you and your employer avoid becoming the next victims of BEC.

Fight Back Against BEC Scams

  • Have IT policies in place for those working remotely. Clearly designate IT personnel and their contact information so those with technical questions or problems know whom to contact for support and how.
  • Keep consistent billing policies in place for remote workers. Verification is the key to stopping a BEC attack, so make sure wire requests keep to the plan.
  • Carefully scrutinize all emails for tell-tale signs of hacking, including those sent from C-suite executives. Check the return email address, and don’t hesitate to contact the requestor directly. Make a short phone call or send an email to a CEO to verify a wire transfer request. Remember, a C-suite executive would rather verify a request than send funds to a hacker.
  • Use the many options to verify a request is legitimate, including in person, over the phone or video contact. Don’t rely on an email alone as verification and don’t use the phone number in the email, but do have others at work confirm a wire request is for real. Multi-factor authentication (MFA) goes a long way toward ferreting out the legitimate from the fraudulent.
  • Educate employees on cybersecurity. They are often the first defense against hackers, and a business is only as strong as its weakest link. As BEC and other attacks continue to improve and trend over time, employees should receive continuing cyber education that includes the latest scams and what to look out for.
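
The "check the return email address" tip above can be partly automated in a mail triage script. The following Python is an added example, not part of the original article; the company domain, the executive name and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"      # assumption: your organization's mail domain
EXECUTIVES = {"dana reyes"}         # assumption: constructed executive display name
PAYMENT_TERMS = ("wire transfer", "wire request", "bank details", "invoice")

def domain(address):
    """Return the lowercased domain part of an email address."""
    return address.rpartition("@")[2].lower()

def bec_warnings(raw_message):
    """Return a list of BEC warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    warnings = []
    # Replies would go to a different domain than the visible sender.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        warnings.append("reply-to-mismatch")
    # An executive's name shown on an address outside the company domain.
    if display_name.lower() in EXECUTIVES and domain(from_addr) != COMPANY_DOMAIN:
        warnings.append("executive-name-external-address")
    # Payment wording only matters when a header already looks off;
    # this example handles single-part text messages only.
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if warnings and any(term in text for term in PAYMENT_TERMS):
        warnings.append("payment-request")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED_REPLY = ('From: "Dana Reyes" <dana.reyes@example.com>\n'
                 "Reply-To: dana.reyes@example.net\n"
                 "Subject: Urgent wire transfer\n\n"
                 "Please process the wire transfer today.\n")
EXTERNAL_EXEC = ('From: "Dana Reyes" <dreyes@example.org>\n'
                 "Subject: Quick favor\n\n"
                 "Are you at your desk?\n")
LEGITIMATE = ('From: "Dana Reyes" <dana.reyes@example.com>\n'
              "Subject: Wire transfer for invoice 1042\n\n"
              "Approved per our call this morning.\n")

if __name__ == "__main__":
    for sample in (SPOOFED_REPLY, EXTERNAL_EXEC, LEGITIMATE):
        print(bec_warnings(sample))
```

A warning is a prompt to verify the request by phone, video or in person as described in the list above, not proof of fraud; a clean result is not proof of legitimacy either.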