Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.
Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.
One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.
The most common type of BEC scam is invoice or payment fraud.
- 65% of organizations faced BEC attacks in 2020
- In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2
- In 2020, 80% of firms experienced an increase in cyberattacks
- 62% of BEC scams involve the cybercriminal asking for gift or money cards.
- Payment/invoice/billing scams skyrocketed by 155% in 2020
Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.
If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.
Don’t Click it
Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!
Double Check that URL
If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.
Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.
Look for Other Clues
Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.
See Something? Say Something!
If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.
Want to learn more about how to protect yourself and your business from cybercriminals?
Back to Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.