Whether you call them phishing attacks, social engineering attempts, or good old-fashioned scams, the impact of criminal activity leveraging business email is substantial. There is no shortage of data and alerts regarding the magnitude of cybersecurity risks related to email. Some warnings are more eye-catching than others, like this one recently published by the FBI:
June 26, 2018
FBI Warns of Dramatic Increase in Business E-Mail Compromise (BEC) Schemes
NASHVILLE, TN—The FBI is warning potential victims of a dramatic rise in the business e-mail compromise (BEC) scheme that targets businesses and has resulted in massive financial losses in Nashville and other cities.
BEC schemes are sophisticated scams targeting businesses that regularly authorize wire transfer payments via e-mail. Scammers spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.
While the scheme is called BEC, it is important to note that the scam is always evolving and can take on varying appearances depending on whom the perpetrators are targeting. The BEC scam is linked to other forms of fraud, including but not limited to: requesting W-2 forms, romance, lottery, employment, vehicle, and rental scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations.
The FBI encourages all individuals who believe they have fallen victim to a scam to report it to the FBI using www.IC3.gov. These reports help the FBI to investigate individuals and groups who are committing these crimes and are essential to the FBI’s investigations.
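The notice above describes the core of the scheme: an executive's name on a sender address the company does not control, a domain that looks like the company's, or a reply channel quietly redirected to the scammer. As an added illustration (not part of the FBI notice or of Astadia's service), the following Python flags those three patterns in inbound mail headers. The company domain, the executive names and the three sample messages are all constructed placeholders.

```python
"""Flag inbound messages showing the BEC spoofing pattern described in the
FBI notice: an executive's display name on an address outside the company
domain, a look-alike sender domain, or a Reply-To pointing somewhere other
than the From domain.  All domains, names and messages below are constructed
for the example and are not real data."""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"            # assumed: the organisation being protected
EXECUTIVES = {"jane doe", "john smith"}   # assumed: names an impersonator would use


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike(domain):
    """True if the domain imitates the company domain without being it:
    one character off (examp1e.com) or embedding it (example.com-payments.net)."""
    if not domain or domain == COMPANY_DOMAIN:
        return False
    if levenshtein(domain, COMPANY_DOMAIN) <= 1:
        return True
    return COMPANY_DOMAIN in domain


def bec_indicators(raw_message):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(addr)
    findings = []
    # Executive name on a sender address the company does not control.
    if name.strip().lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        findings.append("executive display name on external address")
    # Domain crafted to pass a quick glance.
    if lookalike(from_dom):
        findings.append("look-alike sender domain: " + from_dom)
    # Replies silently routed to a different domain than the visible sender.
    if reply and domain_of(reply) != from_dom:
        findings.append("Reply-To domain differs from From domain")
    return findings


# Constructed sample messages (not captured from any real incident).
SAMPLE_SPOOF = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: jane.doe@webmail.example.net\n"
    "To: accounts-payable@example.com\n"
    "Subject: Urgent wire today\n\n"
    "Please process the attached wire before noon and keep this confidential.\n"
)
SAMPLE_LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: accounts-payable@example.com\n"
    "Subject: Q3 budget review\n\n"
    "Agenda attached for Thursday.\n"
)
SAMPLE_VENDOR = (
    "From: Acme Billing <billing@acme.example.net>\n"
    "Reply-To: billing@acme-payments.example.org\n"
    "To: accounts-payable@example.com\n"
    "Subject: Updated remittance details\n\n"
    "Our bank account has changed; see new details below.\n"
)

if __name__ == "__main__":
    for label, sample in (("spoof", SAMPLE_SPOOF), ("legit", SAMPLE_LEGIT), ("vendor", SAMPLE_VENDOR)):
        print(label, "->", bec_indicators(sample) or ["no indicators"])
```

The check is deliberately header-only, so it can run at a mail gateway or over an exported mailbox before any content analysis; in practice it complements, rather than replaces, SPF/DKIM/DMARC enforcement and the out-of-band payment verification that training programs teach.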
This is not a surprise.
- 91% of successful data breaches started with a spear phishing attack
- Ransomware was a $1 billion criminal business in 2016, and continues to grow
- CEO Fraud (aka Business Email Compromise) causes $5.3 billion in damages
Most companies focus on policies and products that protect their technical assets such as networks, applications, servers, and data, but often overlook the most important defense against corporate loss: their employees!
Certainly, many organizations have some form of security training for their personnel. Usually it is a short PowerPoint a new employee must watch during the onboarding process, or ironically an e-mail to all employees telling them to beware of phishing attacks.
At Astadia, we work with our customers to build a comprehensive program that helps employees understand how the bad guys work and recognize both general and spear phishing attempts, and we are often able to help our customers decrease their susceptibility to phishing attacks by 500% or more! Our Human Firewall Security Service uses a combination of training, simulated phishing attacks, and continuous analysis to greatly decrease your company's vulnerability to phishing and give you peace of mind that your sensitive data will not be leaving the company through a BEC scheme.
Contact us today for a proof of concept to show you how our program works.