True North Networks Blog
What to do About Business Email Compromise (BEC)?
Funds transfer fraud, also known as business email compromise (BEC), is a much more widespread problem than it seems, according to lawyers at Ice Miller LLP. The attorneys believe this type of CEO Fraud is often underreported by the victims, so that even law enforcement doesn’t have a full view of the problem’s scope. Every organization should assume they will be targeted by this type of attack.
“Funds transfer fraud is a crime that leverages technical and social engineered attacks, over the internet or by phone, that involve fraudsters impersonating vendors, executives or banks to convince organizations to wire funds to accounts under the control of the criminal,” the lawyers explain.
These crimes usually involve multiple steps and the attack can potentially be thwarted at each one, either by an observant employee or by the organization’s security protocols. For example, an email-based BEC attack can be foiled by requiring employees to confirm the legitimacy of a fund transfer via a phone call.
Stopping funds transfer fraud in its tracks is important because, In many cases, the money is gone for good once it’s been transferred to the scammers. In cases where the funds can be recovered, however, the victims must act quickly. The lawyers say a comprehensive security program that includes employee training is the key to stopping these attacks.
“Building an integrated data security program, with training that ties to your company’s financial and internal controls, is the best approach to mitigate the risks that transfer fraud entails,” they write. “Done well, such an integrated enterprise risk management also helps to protect against other types of fraud and criminal conduct. We caution, in particular, that organizations handling large sums of money and transactions, such as retirement plans, real estate companies, manufacturers and financial institutions, are prime targets for these types of attacks. The criminals often know a great deal about how these companies operate and once they succeed against one, they will replicate their attacks against others.”
New-school security awareness training can help prevent these attacks at the outset, and it can also enable your employees to thwart attacks that are in progress, or mitigate the ones that have already taken place.