It’s easy to fall for one of these fraud email schemes.
Cybercriminals are increasingly using fraud email or business email compromise (BEC) attacks to gain access to companies’ systems.
If they’re successful, they gather information on the company and its suppliers, including payment cycles. They masquerade as legitimate businesses to change contact and banking information, ultimately rerouting funds to their own accounts.
According to Abnormal Security, during the third quarter, attackers continued to focus primarily on BEC campaigns with the goal of invoice and payment fraud. These attacks increased 155% from Q2 to Q3.
Angela Anastasakis is Nvoicepay’s senior vice president of operations and customer success. Nvoicepay is a payment automation provider.
“[BEC is] a subtle process that preys on a person’s willingness to give others the benefit of the doubt,” she said. “With businesses simultaneously facing other, more direct attacks, BECs can be difficult to detect and nearly impossible to reverse.”
Fraudsters specialize in writing convincing emails, Anastasakis said. Accounts payable moves fast and try to maintain good supplier relationships; therefore, it’s easy to fall for one of these fraud email schemes.
“But by slowing down and scrutinizing these requests, there are often tells that can alert you to the sender’s legitimacy,” she said.
“While it’s possible to reverse some payments made to fraudulent accounts, this is not always true — particularly when it comes to automated clearing house (ACH) or wire payments,” she said. “If the bad actors close the account the funds are deposited to, there’s virtually nothing to track, and businesses become responsible for absorbing the damage done.”
You can throw as many security programs as you want at the problem, but it only takes a single well-crafted email or phone call to a well-meaning employee to undermine everything, Anastasakis said.
“The No. 1 thing businesses can do to protect themselves is to offer frequent training to their employees in identifying potential phishing instances,” she said. “Invest in a security protocol for your employees to follow when they encounter any correspondence related to updating payment information, and you will potentially save millions in losses.”
Click through the slideshow above for eight of the most common BEC techniques that fraudsters use.
Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue
Untangle Research: Breach Headlines to Prompt Increased Cybersecurity Spending
SaaS Alerts Recruits Big Name from Kaseya as CEO
Microsoft, SAP Plan Teams Integration, Expand Cloud Migration Pact
As Threats Soar, Biden Administration, CompTIA Prioritize Cybersecurity
HPE Appoints LongTime HPE/HP Vet as Worldwide Distribution Head
Acquisition-Hungry Sapphire Systems Powers Ahead with US Expansion
Industry Experts Laud Biden Proposal for Increased Federal Cybersecurity Spending
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.