How many emails do you get in a day? How many times a day do you respond to an email without really thinking about its contents?

Maybe it is a request for some information. Perhaps it is asking you to pay and invoice. All mundane stuff, however, the second you hit send, you have fallen victim to a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cyber criminal gains access to your business email account and uses it to trick your employees, customers, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and abusing their position of trust. It might sound like something that only happens to big corporations, but that is not the case.

According to the FBI, small and medium-sized businesses are just as vulnerable to BEC attacks as larger ones. In fact, these attacks have cost businesses more than £20 billion over the past few years. Microsoft brings more bad news, with its recent findings showing that they are getting both more destructive and harder to detect.

So, what can you do to protect your business from BEC attacks?


  1. Educate your employees. They are the first line of defence against BEC attacks. They need to know how to spot phishing emails, suspicious requests, and fake invoices. Train them regularly on cyber security best practice – things such as strong passwords, multi-factor authentication and secure file sharing are all things your people should know.


  1. Use advanced email security solutions: Basic email protections like antispam and antivirus software are no longer enough to block BEC attacks. You need more advanced solutions that use artificial intelligence and machine learning to detect and prevent these attacks in real-time. Look for email security providers that offer features like domain-based message authentication, reporting, and conformance (DMARC), sender policy framework (SPF) and DomainKeys Identified Mail (DKIM).


  1. Set up transaction verification procedures: Before transferring funds or sensitive information, establish a verification process that confirms the authenticity of the request. This could include a phone call, video conference or face-to-face meeting. Don’t rely on email alone to confirm these types of requests.


  1. Monitor your email traffic. Regularly monitor your email traffic for anomalies and unusual patterns. Look for signs like unknown senders, unusual login locations, changed to email settings or forwarding rules, and unexpected emails. Make sure you have a clear protocol in place for reporting and responding to any suspicious activity.



5. Keep your software up to date. Endure that you are always running the latest version of your operating system, email software and other software applications. These updates often include vital security patches that address known vulnerabilities.


BEC attacks are becoming more common and more sophisticated, but with the right awareness, training, and security solutions, you can protect your business.

Don’t wait until it is too late, take action today to keep your business safe.

If you would like to know more about how to protect your business or if you have any questions, get in touch today.


Published with permission from Your Tech Updates.