Business Email Compromise (BEC) is an attack in which an attacker obtains access to a business email account and imitates the account owner’s identity in order to defraud the company and its employees, customers or partners.
In a BEC attack, the attacker targets specific employee roles within an organisation by sending a spoof email (or a series of spoof emails) that fraudulently represents a senior colleague (the CEO or similar) or a trusted customer.
The email contains instructions, such as approving payments or releasing client data, intended to persuade the victim to transfer money to the fraudster’s bank account.
To minimise the possibility of becoming a victim of such techniques:
- Use a spam filter which will block the majority of unsolicited emails from ever making it to your inbox;
- Always verify the email address of the sender – not just the sender’s name;
- If you receive an email from a person you know but the content of the email seems suspicious, do not reply. Contact that person separately;
- Do not open any attachments from senders you don’t know or are not expecting;
- Do not click any links before verifying where the link will take you;
- Never provide sensitive information on a website unless you are sure that the website is a legitimate one and has legitimate reasons to ask for such information;
- Train your staff in how to recognise common impersonation tactics;
- Make sure you are not redirected – i.e. unknowingly taken to a different website that has an identical design to the one you are expecting.
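Several of the tips above (verify the sender’s address rather than the displayed name, be wary of where a link really goes) can be turned into an automatic check on incoming mail. The script below is an added example, not part of the original article or any Tech.mt tooling; the trusted domain `example.com`, the executive name list and the sample message are all constructed assumptions, and the lookalike-domain test is a deliberately crude heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"     # assumption: the organisation's own domain
EXECUTIVES = {"jane smith"}        # assumption: names a fraudster would impersonate

# Constructed sample: the display name claims an executive, but the address is on
# a lookalike domain, Reply-To diverts answers elsewhere, and the link text lies.
SAMPLE_EMAIL = """\
From: "Jane Smith" <jane.smith@example-c0rp.com>
Reply-To: ceo.urgent@mailhost.example
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/html

<p>Please approve the payment today. Log in at
<a href="http://example-c0rp.com/login">https://portal.example.com</a>.</p>
"""

def _domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def looks_like(domain, trusted=TRUSTED_DOMAIN):
    """Crude lookalike test: undo digit-for-letter swaps, then compare the first label."""
    if domain == trusted:
        return False
    first = domain.translate(str.maketrans("01", "ol")).split(".")[0]
    return trusted.split(".")[0] in first

def bec_indicators(raw_message, trusted=TRUSTED_DOMAIN):
    """Return the reasons a message looks like BEC; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    # Verify the address, not just the display name.
    if name.lower() in EXECUTIVES and from_domain != trusted:
        reasons.append(f"'{name}' impersonated from external domain {from_domain}")
    if looks_like(from_domain, trusted):
        reasons.append(f"sender domain {from_domain} resembles {trusted}")
    # A Reply-To on another domain quietly moves the conversation to the fraudster.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        reasons.append(f"Reply-To domain {_domain(reply_addr)} differs from sender")
    # Check where each link really goes before anyone clicks it.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body):
        if text.strip().startswith("http") and text.strip() != href:
            reasons.append(f"link text {text.strip()} actually points to {href}")
    return reasons

if __name__ == "__main__":
    for reason in bec_indicators(SAMPLE_EMAIL):
        print("FLAG:", reason)
```

Run against the sample message, the check raises all four flags; a genuine internal message from the same executive raises none.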
As part of Cyber Security Malta, Tech.mt collaborates with the Malta Information Technology Agency (MITA) and the Malta Digital Innovation Authority (MDIA) to deliver educational video episodes about Security in the Digital Economy towards a safer future.