Protect Your Identity and Learn About BEC Scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today is the “Business Email Compromise” scam, or BEC. In these scams, criminals impersonate key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud. 

  • 65% of organizations faced BEC attacks in 2020.
  • In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
  • In 2020, 80% of firms experienced an increase in cyberattacks.
  • 62% of BEC scams involve the cybercriminal asking for gift or money cards.
  • Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last-minute changes in instructions or recipient account information are a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at the name and not realize it is different. The writing style will also be very simple and brief, with little information added.
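The two checks above (link domains and misspelled look-alike domains) can also be run automatically on incoming mail. The following is an added example, not part of the original article; the trusted-domain list, the edit-distance threshold of 2, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organization really deals with (constructed values).
TRUSTED = {"example.com", "acme-supplies.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = domain.lower().rstrip(".")
    for t in sorted(trusted):
        if domain == t or domain.endswith("." + t):
            return "trusted", t
    for t in sorted(trusted):
        if edit_distance(domain, t) <= max_distance:
            return "lookalike", t
    return "unknown", None

def review_message(raw):
    """List every sender or link domain that is not on the trusted list."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    seen = [("From", sender.rpartition("@")[2].lower())]
    body = msg.get_payload() if not msg.is_multipart() else ""  # plain text only
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        seen.append(("URL", (urlparse(url).hostname or "").lower()))
    findings = []
    for where, domain in seen:
        verdict, match = classify_domain(domain)
        if verdict != "trusted":
            findings.append((where, domain, verdict, match))
    return findings

# Constructed sample: capital "I" stands in for "l", digit "1" for "l".
SAMPLE = (
    'From: "Accounts Payable" <billing@acme-suppIies.example>\n'
    "Subject: Updated bank details\n\n"
    "Pay today via http://examp1e.com/pay or https://portal.example.com/login\n"
)
```

A "lookalike" verdict means the domain is within two character edits of a trusted one; a domain that merely contains a trusted name, such as `example.com.evil.test`, comes back "unknown" and still deserves a manual check.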

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics, and they can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been a victim of a BEC scam, file a detailed complaint with

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps toward ensuring your cyber safety.

Managing Your Digital Presence by Updating Privacy Settings

Do you still have a MySpace, or a Xanga? There are probably a few accounts out there that you no longer use – and probably didn’t remember you had. But they are still part of your digital presence and should be monitored. How do these old accounts pose a cybersecurity threat? 

Easy Targets: Well, old accounts usually have outdated privacy settings. That means cyber-criminals could be using your personal information to build a social-engineering profile for you, making it easier to target you in phishing or spear phishing attacks. If they have info on your subscriptions, memberships, likes, affiliations, etc. they can make their phishing bait emails much more believable.

Data Leaks: Let’s say your privacy settings on those old accounts are locked down tight. How robust is that website’s security? How easy is it for cyber-thieves to break in and steal your data? Chances are, websites or services that aren’t widely used anymore aren’t going to have the most up-to-date information security measures in place. Do you really want to risk it?

Optics: Another reason to clean up your old accounts may be simply to moderate the content that’s out there. As we all know, the internet is forever. When we post a comment, publish an article, or share a photo, our name is tied to that media until we delete it. Do you have accounts with NSFW photos, comments, or content? A quick search on any search engine should reveal content tied to your digital identity. Is there something you don’t want shared?

So go ahead, take a stroll down your memory lane on the internet and see what you find. Deactivate accounts you no longer need, manage old content and how it’s shared, and enjoy the peace of mind.
