Business email compromise (BEC) is when a fraudster hacks emails to impersonate someone in your company or organization... Typically it will be an executive or CEO. The fraudster will email an employee asking for funds to be transferred on their behalf. Here are a couple of ways to protect your business from business email compromise.
- Educate Your Team—By educating your team on what to look for regarding business email compromise, your employees can be better prepared to recognize illegitimate emails and scams, which will in turn help protect your company and customers.
- Take Precautions—Train your employees to take precautions... Make sure staff knows the risks behind posting information online or on social media regarding the location of senior staff/executives... Fraudsters like to try to attack when they know these people will be out of the office.
- Use a Secure Email System—Free email accounts, like Gmail and Yahoo, typically have less security features and are more susceptible to being hacked. Opening up a company domain may be a smart move for your business.
- Be Wary of Suspicious Emails and Be Sure to Delete Them—If your employees receive a suspicious email it may be a good idea to delete it. Make sure that you advise them not to click on any links or reply to the email.
- Ensure Your Networks and Computers are Protected—Ensure your networks and computers are protected by always using a secure Internet connection. Never use an unprotected connection. Also, confirm that all software and anti-virus software is up-to-date on all computers.
- Make Sure to Verify Before Processing Any Payments—Consider training employees to always verify with the person making the request before processing any payments... Some ways that they can do this is by calling the person through a predetermined telephone number, using an alternate email address, etc.
- Implement Two-Factor Authentication—Another way to help prevent business email compromise scams is to implement a two-factor authentication process. Create an approval process that will help protect your business or organization from external fraud attempts.