Welcome to another edition of Privacy Notes. Before you shut down for the week and turn it on for the weekend, let’s pick up from where we left off last week by furthering our conversation on Business Email Compromise (BEC).
Identifying BEC Scams
BEC cybercriminals are wise. Businesses and individuals like you and I have to be wiser to identify these BEC scams. Here are some of the signs to watch out for:
- Wrong Address Names or Spelling Errors
Many scammers try to use slight differences in the uniform resource locator address which is popularly referred to as URL to impersonate and gain the trust of the receiver of such scam emails, for example instead of firstname.lastname@example.org the address may show email@example.com. I guess you might fall for this if you do not pay close attention to the spelling error.
- Links to Strange URL Addresses or Downloads
Scam emails tend to require the receiver to click falsified URL links or download corrupt files that will grant the scammers access to internal information.
- Request to Bypass Company Procedures
This could be in form of Emails from superiors requesting the employee to carry out certain requests that circumvent the usual organization procedure.
- Urgency in Messages to Send Fund
Emails requesting individuals to transfer funds or authorize certain payments in a time-bound manner or with a sense of urgency.
Mitigating BEC Scams
- 2-Factor Authentication
Organizations can adopt 2 Factor Authentication for purposes of payment of financial transactions on their systems. This will serve as another verification process as it requires the Account holder’s device.
- Call to Verify
Always try to verify that the instruction and correspondence are from the right sender where possible.
- Educating Employees on BEC
Educate your employees on the BEC scam and how to identify such scam emails. This will ensure they are on the lookout and are consciously aware of the dangers of BEC scams.
- Carefully Examine Email Contents
Take time to examine the contents of email correspondence received for odd errors in spellings, email addresses, domain names, URL links, etc.
- Avoid Clicking/Download Suspicious Links/Documents
Always avoid clicking links that you are unsure of requesting you to either input your details or download malicious files.
As BEC Cybercriminals become wiser, it is important that organizations and their employees become enlightened on the potential dangers of these cybercriminals and how they can identify and also guard against becoming victims of these scams.
Till we meet next week, stay vigilant and stay cybersecurity conscious!