BEC attacks! What are they?

September 17, 2021
Access Tech: Business Email Compromise (BEC) schemes have become more notorious since remote working. Follow steps to prevent BEC's from harming you and your business!

The FBI has reported that “Business Email Compromise (BEC) schemes have grown 2,370% since 2015. With more than 40,000 domestic and international incidents, these types of scams have cost more than a staggering $5.3 billion in actual and attempted losses.” Have you or anyone you know been scammed via an BEC attack?

What is a BEC attack?

“A BEC attack begins with a cybercriminal hacking and spoofing emails to impersonate your company’s supervisors, CEO, or vendors. Once in, they request a seemingly legitimate business payment. The email looks authentic, seems to come from a known authority figure, so the employee complies. Typically, the fraudster will ask for money to be wired or checks to be deposited, whatever the usual business practice. However, this scam has evolved not even to involve money. Instead, the same technique is used to steal employee’s personally identifiable information, or wage and tax forms (ex. W-2).”

This is obviously a very frightening, and very easy, way for criminals to access extremely sensitive personal information. Such scams will impact both companies and individuals at the very core of their societal existence. Are you prepared to handle such a life-altering event?

Many of these attacks “rely on social engineering techniques, to which antivirus, spam filters, or email whitelisting are ineffective.” But there are ways to prevent them from occurring. Here are a few suggestions from the FBI:

  • Avoid free web-based e-mail accounts. Establish a company domain name and use it to create company e-mail accounts
  • Enable multi-factor authentication for business email accounts
  • Don’t open any email from unknown parties. Do not click on links or open attachments
  • Secure your domain to prevent domain spoofing.
  • Double-check the sender’s email address. It could be a spoofed email address. Suspicious email addresses can end in generic names like
  • “Forward,” don’t “reply” to business emails
  • Don’t overshare online
  • Always verify before sending money or data
  • Know your customers and vendors habits. Have there been any sudden changes? Verify any requests.

We can help you with any of the concerns that go along with potential security risks. Contact Access Tech for answers and assistance. Also, “if your business is targeted, remember to alert your financial institution and IT department immediately, and file a complaint with the IC3.”

[Source: FBI Internet Crime Complaint Center]