How to Prevent or Recover from A Business Email Compromise (BEC) Attack

Cristina POPOV

September 11, 2024


Business email compromise (BEC) is one of the most damaging and costly cyber attacks against small businesses. According to the FBI's 2023 Internet Crime Report, BEC cost U.S. businesses $2.9 billion in 2023, making it the second most costly cybercrime after investment fraud ($4.57 billion).

BEC attacks nearly doubled in the past year, according to the latest Verizon Data Breach Investigations Report (DBIR).

What It Is and How It Works

In a BEC scam, the attacker pretends to be someone the victim trusts, such as a coworker, manager, or supplier, and asks them to transfer money, change payroll details, or update a vendor's banking information. That is why BEC usually targets employees in finance, accounts payable, or HR: the people who can move money or change payment records.

BEC scams often spoof email addresses or register lookalike domains (for example, swapping a letter for a similar-looking character), and they are hard to spot because they rarely carry malware or malicious links that standard security tools can detect. Instead, they rely on impersonation and manipulation. Publishing SPF, DKIM and DMARC records for your own domain makes direct spoofing of your addresses much harder, but it does nothing against a lookalike domain that the attacker legitimately controls; that still has to be caught by a person or a filter.

In a related attack type called EAC (Email Account Compromise), the attacker gains control of a real email account. They then use this account to conduct similar fraudulent activities, effectively becoming the trusted person they are impersonating.

Since both BEC and EAC exploit human weaknesses rather than technical issues, preventing, detecting, and responding to these attacks requires strategies focused on people and their interactions.

Types of Business Email Compromise

There are five major types of BEC scams:

1. CEO Scam: In this scam, attackers pose as a company's CEO or high-ranking executive. They typically send an email to someone in the finance department asking for a money transfer to an account controlled by the scammers.

2. Account Compromise: An employee's email account is hacked and used to send fake payment requests to vendors. The money ends up in the attackers' bank accounts instead of the legitimate vendor.

3. False Invoice Scam: Attackers pretend to be a foreign supplier and trick businesses into transferring funds to fraudulent accounts, thinking they're paying a legitimate invoice.

Related: What Is Invoice Fraud and How Small Businesses Can Stay Safe

4. Attorney Impersonation: Scammers pose as lawyers or legal representatives, often targeting lower-level employees who may not question the legitimacy of the request.

5. Data Theft: These attacks target H.R. employees to steal personal or sensitive information about company leaders, such as CEOs and executives. This data is often used in other scams, like CEO Fraud.

Example of phishing attempt caught by Bitdefender Antispam Lab researchers

Scammers posed as the Netherlands Chamber of Commerce (KVK) to steal personal information from business owners. They claimed that the recipient's company was no longer listed as active and requested that the recipient update their details by filling out a form.

The email falsely stated: "We need to confirm that companies listed in the trade register are still active. Your company no longer appears as active according to the tax authorities. If you believe this is an error, please update your details within 3 business days."

Recipients were asked to provide personal information such as their name, company name, address, phone numbers, email, and date of birth. The scammers could use this information to better target and defraud the business owner.

How Can BEC Affect a Very Small Business?

Financial Losses. BEC attacks can lead to substantial financial losses if the scammers trick employees or small business owners into making unauthorized money transfers or divulging sensitive financial information.

Reputational Damage. A small business's reputation can be severely damaged if it falls victim to a BEC scam. Customers and partners might lose trust in the business's ability to handle sensitive information securely, which can lead to a loss of clients or contracts. Rebuilding a damaged reputation can be difficult and time-consuming.

Disruption of Operations. BEC attacks can disrupt daily operations. For instance, if an attack involves redirecting payroll or disrupting transactions, it can cause delays in employee payments or business dealings. This can affect staff morale and lead to operational inefficiencies.

Legal and Compliance Issues. Handling the aftermath of a BEC attack might involve legal costs and compliance issues. The business might need to report the incident to authorities, deal with legal claims, or face regulatory penalties if sensitive data is exposed or mishandled.

Decreased Employee Morale. Employees might feel stressed or demotivated if a BEC attack occurs. They may face additional scrutiny or have to deal with the fallout from the scam, which can affect their productivity and overall job satisfaction.

Increased Costs. After a BEC attack, a small business might need to invest in enhanced security measures, such as advanced email filtering systems, cybersecurity training for staff, and more robust authentication processes. For a small business with limited resources, investing in security before and not after an attack can save a lot of money.

Red Flags to Look Out For

Educate your team to spot these warning signs in suspicious emails:

  • Strange Requests from Executives: Be cautious if a high-ranking executive asks for unusual information, such as detailed employee records. It's uncommon for CEOs to request such specifics directly.
  • Requests for Confidentiality: Scammers often ask you to keep their requests secret or to only communicate through email. Be wary of such demands.
  • Bypassing Normal Procedures: If an email from an executive asks you to bypass your company's usual processes, like making a quick wire transfer, be suspicious. Legitimate requests should follow standard procedures.
  • Language and Formatting Issues: Watch for emails with strange date formats or awkward language. These can be signs that the email isn't genuine.
  • Mismatched Email Addresses: Check whether the sender address and the "Reply-To" address match the expected sender, and each other. Scammers often use lookalike addresses, or a genuine-looking "From" combined with a "Reply-To" at a domain they control so that your answers go to them.
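The checks in this list, and the spoofing and lookalike-domain tricks described earlier, can be partly automated on exported mail. The script below is an added example written for this article, not code from Bitdefender or from the original post: it parses raw messages and reports the red flags above (Reply-To mismatch, lookalike domains, failed SPF/DKIM/DMARC results, pressure language). The trusted domain "example.com", the two sample messages, the keyword list and the Authentication-Results values are all constructed assumptions.

```python
# Added example: score raw email headers and body text for common BEC red flags.
# All domains, messages and keywords below are constructed for illustration.
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # this hypothetical company's own domain(s)

# Digit-for-letter substitutions commonly used in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Urgency, secrecy and payment-change phrasing typical of BEC requests.
PRESSURE_WORDS = ("urgent", "wire", "immediately", "confidential",
                  "new bank", "change of bank", "gift card")


def normalise(domain: str) -> str:
    """Undo confusable substitutions and drop separators so that
    'examp1e.com' or 'exam-ple.com' compare equal to 'example.com'."""
    return domain.lower().translate(CONFUSABLES).replace("-", "").replace(".", "")


def is_lookalike(domain: str) -> bool:
    """True when an untrusted domain imitates a trusted one, either exactly
    after normalisation or as a near miss such as a transposed letter."""
    domain = domain.lower()
    if not domain or domain in TRUSTED_DOMAINS:
        return False
    for trusted in TRUSTED_DOMAINS:
        if normalise(domain) == normalise(trusted):
            return True
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.9:
            return True
    return False


def body_text(msg) -> str:
    """Concatenate the text/plain parts of a message (multipart or not)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def check_message(raw: str) -> list[str]:
    """Return human-readable red flags for one raw (RFC 822) message."""
    msg = message_from_string(raw)
    flags: list[str] = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()

    # Replies silently routed to a different domain than the visible sender.
    if reply_addr and reply_domain != from_domain:
        flags.append(f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'")

    # Sender or Reply-To domain imitates one of ours.
    for label, dom in (("From", from_domain), ("Reply-To", reply_domain)):
        if is_lookalike(dom):
            flags.append(f"{label} domain '{dom}' looks like a trusted domain")

    # SPF/DKIM/DMARC did not pass. Only trustworthy when this header was added
    # by your own receiving server, which must strip any copy arriving from outside.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            flags.append(f"{mech} result is '{m.group(1)}'")

    # Urgency, secrecy or payment language in subject or body.
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    hits = [w for w in PRESSURE_WORDS if w in text]
    if hits:
        flags.append("pressure/payment language: " + ", ".join(hits))
    return flags


# Constructed sample messages, not real mail.
SUSPICIOUS = """\
From: "Dana Lee, CEO" <dana.lee@examp1e.com>
Reply-To: dana.lee.ceo@mail-relay.example.net
Subject: Urgent wire needed today - keep confidential
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=examp1e.com; dkim=none; dmarc=fail
Content-Type: text/plain

Please process a wire immediately for a new vendor and keep this confidential until I am back.
"""

LEGITIMATE = """\
From: "Dana Lee" <dana.lee@example.com>
Subject: Q3 forecast review
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass
Content-Type: text/plain

Attaching the forecast for Thursday's meeting.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, check_message(raw) or ["no red flags"])
```

Run it and the suspicious message produces six flags while the legitimate one produces none. A script like this is a triage aid for reviewing a mailbox export, not a replacement for a mail gateway: it cannot see a lookalike domain it has never been told about, and the Authentication-Results check only means something if your own mail server adds that header and strips any copy an attacker includes in inbound mail.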

How to Prevent Business Email Compromise (BEC) Attacks

BEC attacks often rely on social engineering and phishing tactics. Here's how to protect your business:

  • Educate your employees in basic cyber hygiene. Teach them how to identify Business Email Compromise (BEC) threats, recognize spoofed messages and scam tactics, and carefully review any unusual request. Provide real-world examples of BEC and phishing emails and introduce them to Scamio.

If you suspect someone is trying to scam you or a website looks suspicious, you can check it with Scamio, our AI-powered scam detection tool. Send any texts, messages, links, QR codes, or images to Scamio, which will analyze them to determine if they are part of a scam. Scamio is free and available on Facebook Messenger, WhatsApp, and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia, and the U.K.

  • Use Strong and Unique Passwords: Make sure your work passwords are different from your personal ones. If hackers get hold of your business passwords, they might try to access your personal accounts as well, and vice versa.
  • Keep Security Measures Updated: Ensure that your staff is trained in the latest cybersecurity practices and that you use up-to-date software, including email filters and antispam tools.
  • Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second factor (an authenticator app code, a hardware key, or a push approval) in addition to the password, so a stolen or guessed password alone is not enough to log in. Many services also alert you to new sign-in attempts, which helps you notice an attack in progress.
  • Be Cautious with Sensitive Requests: Be skeptical of emails asking for sensitive information, especially if they come from unfamiliar contacts.
  • Consider Zero Trust Security: This approach requires authentication for every request to access your online resources, whether the request comes from inside or outside your organization.
  • Get Bitdefender Ultimate Small Business Security, a solution that combines best-in-class antivirus with scam, fraud, email, and breach protection, plus staff training options. Securing these areas can significantly lower the chances of falling victim to an attack.

Read more about this solution in our article Why Small Business Owners Should Care About Cybersecurity and choose your plan here.

What to Do If You Suspect a Compromised Email

If you think your business email has been compromised, take these steps immediately:

  1. Change Your Email Password: Do this right away, from a device you trust, and sign out of all active sessions so that the attacker's existing logins are cut off rather than left running alongside the new password.
  2. Enable MFA on the Account: Make sure multi-factor authentication is turned on for the mailbox itself, not just the device, so the attacker cannot simply log back in with a password they already have.
  3. Review Sent and Deleted Emails, and Mailbox Rules: Check these folders for messages you did not write and contacts you do not recognize. Also look for forwarding or inbox rules that move, hide, or delete messages; attackers commonly create these to keep receiving your mail and to hide their replies from you.
  4. Update Your Account Recovery Information: Your recovery email address and phone number may also have been changed, so verify and update them.
  5. Run an Antivirus Scan: Check your device for malware that might have captured the password in the first place.
  6. Report the Incident: Notify your email provider about the breach and the relevant authorities, and warn any vendors or customers who may have received fraudulent messages sent from your account.

Law enforcement agencies you can reach out to include the FBI's Internet Crime Complaint Center (IC3) in the U.S. and your local police.

How You Can Try to Recover Money Lost in a BEC Attack

Recovering money lost in a Business Email Compromise (BEC) attack can be challenging, but there are steps you can take to try and recover the funds or mitigate the damage:

1. Contact Your Bank or Financial Institution: Notify your bank, and the bank the funds were sent to if you know it, as soon as possible, and ask them to recall the transfer. A wire can sometimes be stopped or reversed if it has not been fully processed or if the money is still sitting in the destination account, so every hour counts.

2. Report the Incident: File a report with law enforcement agencies, such as the FBI's Internet Crime Complaint Center (IC3) or your local police. Providing detailed information about the attack can help with investigations and recovery efforts.

3. Notify Your Email Provider: Inform your email service provider about the breach. They cannot recover money, but they can help secure the account, preserve sign-in logs that investigators and your bank may ask for, and advise on removing any attacker access.

4. Engage a Cybersecurity Expert: Consult with a cybersecurity expert or incident response team. They can help assess the breach, secure your systems, and assist with investigating the financial loss.

5. Contact Your Insurance Provider: If your business has cyber insurance, contact your provider to report the loss. Cyber insurance policies may cover financial losses resulting from BEC attacks.

6. Track and Document Everything: Keep detailed records of all communications and actions taken related to the incident. This documentation can be crucial for investigations and any potential recovery processes.

While these steps can improve your chances of recovering lost funds, success is not guaranteed. Prevention and strong security measures are the best ways to protect your business from future attacks.

Related: 10 cybersecurity tips to protect your small business data

FAQs

What is Business Email Compromise (BEC), and how does it work?

Business Email Compromise (BEC) is a type of cyberattack where scammers impersonate a trusted person or entity through email to deceive employees into transferring money or sharing sensitive information. These attacks often rely on social engineering tactics, such as posing as an executive or a vendor, to manipulate the recipient into taking action.

How can I train my staff to recognize and prevent BEC attacks?

Focus on identifying common signs of BEC, such as unusual requests for sensitive information, emails from unknown contacts, or messages asking for secrecy. Encourage employees to verify any unexpected or suspicious request through a separate channel, such as a phone call to a number they already have on file (not one given in the email), before taking any action, and to check suspicious messages and links with Scamio.

How can multi-factor authentication (MFA) protect my business from BEC attacks?

Multi-factor authentication (MFA) adds an extra layer of security by requiring more than just a password to access your accounts.

With MFA in place, even if a scammer obtains a password through phishing or a data breach, they still need the additional factor to get in. This significantly reduces the risk of an account takeover, which is the starting point of the EAC variant described above. Two caveats: MFA protects your own accounts, so it does nothing against an email that merely spoofs or imitates your domain from the outside, which still has to be caught by verification procedures; and code-based MFA can be relayed in real time by a phishing page, so prefer phishing-resistant methods such as hardware security keys or passkeys where they are available.

Author


Cristina POPOV

Cristina is a freelance writer and a mother of two living in Denmark. Her 15 years' experience in communication includes developing content for TV, online, mobile apps, and a chatbot.

View all posts

You might also like

Bookmarks


loader