Hackers are continuously looking for ways to earn money by stealing sensitive data from unsuspecting computer users and companies worldwide. There is a wide number of hacking techniques nowadays, which can seriously hurt a business.
One of the most common phishing attacks over the past several years is Business Email Compromise (BEC). This attack usually uses the name of high-ranking officials – most of the time the CEO – in getting sensitive data from the company and money as well.
The number of phishing attacks these days is continuously growing. Not surprisingly, though, since hackers find it as a lucrative business. Most companies are also unaware, as Cisco recently revealed that 28 percent of manufacturing companies lost revenue due to phishing attacks in 2016.
This is the reason why it is very important to educate employees about BEC attacks. Companies should also include in their priorities finding ways to improve security because it is better to invest in top-class security instead of running the risk of losing revenue because of phishing attacks.
There are several forms of BEC attacks, and the most common is known as CEO Fraud. Several departments of the company will receive an email allegedly from the CEO. In the email, the alleged CEO will ask them to send money to a certain account usually for an emergency.
Hackers are also using Bogus Invoice scam. The attack is usually done by looking for an invoice due for payment soon. The email will include a request to change the payment location, which is usually linked to the hacker. It is similar to an Attorney Impersonation, where the hacker will pretend as an attorney, who will pressure the company to send funds for legal reasons to a bogus account.
Business email accounts are also being compromised in the hopes of using the email in sending confidential messages and requests to several high-ranking officials. According to Trend Micro, attacks are usually targeting the CFO, Director of Finance and Financial Controller.
Aside from money, BEC attacks also aim to steal data from the company. This type of attack is meant for gathering sensitive company information – like income projection and client details. Successful hackers will use these information to blackmail the company or earn money by selling it on the black market.
The number of BEC attacks are continuously growing, which forced FBI to issue a warning to the public. FBI urged companies to take the growing threat seriously because since January 2015, companies have lost $3 billion because of BEC scams.
Companies should make sure that employees know of the forms of attacks. According FBI Special Agent Martin Licciardo, the best way to counter these attacks is by verifying requests directly with the official who allegedly sent the email.
Companies should scrutinize all emails. Payment locations should be verified through the other parties involved and two-factor authentication should also be used for fund transfers.
There are complicated ways of combating ransomware, but there are vendors and security companies that specialize in neutralizing these hackers. Engaging them is worth the investment because the company will be protected from wide-scale attacks in the future.