By now, you know not to click on links or open files attached to emails from unknown senders. But, what if your company accountant receives an urgent, time-sensitive email from your chief executive officer (CEO) requesting a transfer of funds for an acquisition? The prefix and domain of the email address are correct, suggesting its legitimacy, and your CEO isn’t answering the phone. What do you do?
This latest phishing scam, known as a Business Email Compromise (BEC), is taking its toll on businesses with foreign suppliers who regularly make wire transfer payments. According to the FBI's 2021 Internet Crime Report (ICR), almost half of the reported dollar losses to internet crime last year came from BEC and email account compromise (EAC) scams, to the tune of a staggering $1.7 billion. So, how do you protect your business from BEC phishing scams? Here are a few things to consider.
Educate Employees – Teach your team how to recognize phishing emails, including BEC scams. Give your employees the greenlight to be skeptical of abnormal emails, rather than requiring them to take every request at face value. Doing so can save your business hundreds of thousands of dollars.
Leverage Technology – Make sure your IT team has taken the appropriate steps to filter out spam emails from your chosen platform. Intrusion detection software is capable of alerting your team when an email originates outside of your internal network, regardless of that email’s prefix and domain.
Strengthen Financial Protocols – Ensure that two-step verification processes are in place for all wire transfers. Also, verify discrepancies with your usual vendors if any changes to typical payment amounts or locations occur. Encourage accounting employees to be suspicious of urgent transfer requests requiring a single person to take action quickly, particularly those that don’t follow protocol.
Consider Document Management – Document management software protects all of your company’s data— including emails. Implementing such software will help to scan through email correspondence and provide an additional layer of protection for your company’s confidential data.
Nothing is more important than protecting your business and your bottom line. Contact us today, and we can implement IT security solutions that do both.