BEC scams are a frightening new trend in the world of online security. Without good website maintenance, your business’s website may be an easy target.
BEC stands for Business Email Compromise. According to the FBI, these scams have skyrocketed by more than 270% since the beginning of 2014.
The last FBI reporting showed that 7,000 businesses have lost $1.2 billion to BEC scams in the last 2 years.
At Renew Marketing, our goal is to protect your website by installing the latest security updates. We keep your plugins and platforms up-to-date to ensure attackers don’t find any easy entry points. We implement modern security monitoring and added security features to protect our clients.
We do our best to safeguard our clients from BEC scams. However, the best BEC scams are highly sophisticated. Let’s find out how you can stay protected.
Example of a BEC Scam
As an example of a BEC scam, the FBI posted one example where an American business lost nearly $1 million.
An accountant for that US company received an email from her chief executive, who had recently left on vacation out of the country.
That chief executive claimed he needed a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO’s email said that a lawyer would contact the accountant to provide further details.
That accountant later claimed that the chief executive had sent emails like that before:
“It was not unusual for me to receive e-mails requesting a transfer of funds,” the accountant later wrote.
An hour later, the accountant was contacted by the lawyer via email. That email included the letter of authorization, which included the CEO’s signature above the company’s seal. The instructions were to wire $737,000 to a bank in China.
The CEO called the next day regarding another matter, at which point the scam was revealed. The CEO claims he knew nothing about the wire transfer.
That business had fallen victim to a business email compromise scam, a rapidly growing area of financial fraud that is targeting all different types of business.
BEC scams are getting more sophisticated every day. So let’s cover some tips on how to protect yourself from BEC scams.
How to Protect Yourself from BEC Scams
The Internet Crime Complaint Center is a division of the FBI that handles most internet-related scams. The IC3 claims that the average individual loss from online scams is about $6,000. However, the average individual loss for BEC victims is $130,000.
Want to avoid losing $130,000? Here are some tips to follow:
-If you receive a wire transfer request from anyone, no matter how trustworthy, always call to confirm details of that transfer. By following this simple step, you can avoid 95% of all BEC scams.
-Avoid free, web-based email accounts, which are more susceptible to hacking attempts (if you need to use a free email account, use one that has two-factor authentication, like Gmail)
-Avoid posting financial or personnel information on social media or company websites, as it gives attackers an easy way to contact and imitate key members of your company
-If you get a wire transfer request, you should immediately be suspicious if that request talks about the need for secrecy or urgency. Take extra precautions.
-Keep your website updated with the latest plugins and platforms to ensure you don’t give attackers an easy way in
Website Security and BEC Scams
Scam artists will often target your business’s website for BEC scams.
One of the most popular types of attacks is the CEO phishing scam. Scam artists will create a domain name that is nearly identical to the company’s domain. Then, they’ll create an email address that looks like your CEO’s email address.
If your CEO’s email address was, say, JaneCEO@YourCompany.com, the attackers might create an email address that says JaneCEO@YourCompanyy.com
One letter makes a world of difference. And if you hastily glance over an email address, and see that it’s from your CEO, then your defenses may already be down.
BEC Scams Are Sophisticated and Highly Targeted
The important thing to remember with BEC scams is that they’re extremely targeted.
Attackers are playing for big stakes, and they’ll spend weeks researching your company and conducting reconnaissance. Attackers familiarize themselves with your business’s habits and schedules, your employees, and your methods of communication.
The FBI also reports that the scam has been reported in all 50 states and in 79 countries around the world. The money stolen in the transactions has been observed being sent to 72 countries, although the vast majority of scams involve sending money to banks within China and Hong Kong.
All Renew Marketing website maintenance packages include security monitoring and added security features. You also get monthly malware scans, WordPress updates, and frequent backups. Learn more about our website maintenance packages here.