
As CEO fraud and business email compromise cases rise, when should you ignore an instruction from your boss?

As more and more businesses throughout the world spend money on cybersecurity solutions, cybercriminals are increasingly employing straightforward but efficient methods, such as CEO fraud and business email compromise (BEC), to gain access to an organization’s data or finances.

BEC is a kind of scam in which cybercriminals obtain access to, or convincingly mimic, a senior staff member’s email address, according to international security awareness organization KnowBe4. They then email an appropriate individual within the company, asking them to help with a payment or to disclose information. Because these messages don’t ask the receiver to click on a link or open an attachment, they don’t trigger security scanners or warning indicators and initially appear relatively harmless. Yet they account for the largest financial losses of any type of cybercrime.

BEC wire transfer fraud occurs when thieves exploit a scheduled financial transaction, such as a payment to a supplier, and ask the recipient to change the bank account details on an outgoing wire transfer. The instruction often appears to come from the victim’s supervisor and may even be written in a style resembling the supervisor’s. Gift card scams are another prevalent kind of BEC, in which the attacker poses as the victim’s coworker and asks them to buy a digital gift card.

According to Anna Collard, SVP of Content Strategy & Evangelist at KnowBe4 Africa, phishing attempts, including business email compromise, account for 35% of security incidents. A faked email address or website is used in 71% of BEC attacks in order to create credibility, according to security vendor GreatHorn’s 2021 Business Email Compromise Report (https://apo-opa.info/47byw0a). Spear phishing is used in 69% of BEC attempts, which increases the attack’s likelihood of reaching the individuals within an organization who have financial clout. The report states that the banking sector is targeted 57% of the time, followed by CEOs (22%) and IT (20%).
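The indicators above (a faked or lookalike sender address, a message that asks for no click but for a payment change or gift cards) are exactly what a mail gateway or SOC rule can look for before the message reaches finance staff. The following is an added example, not code from the article or from KnowBe4, that scores a raw email against those indicators. The corporate domain `example.com`, the executive roster, the sample messages and the verdict thresholds are all hypothetical values constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: the defended organisation's domain and its executive roster.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Wording typical of the BEC requests the article describes: changing payee bank
# details on a pending wire, or buying digital gift cards.
REQUEST_PATTERNS = [
    re.compile(r"\b(change|update|new)\b.{0,40}\b(bank|account|wire|routing)\b", re.I),
    re.compile(r"\bgift\s*cards?\b", re.I),
]


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot lookalike domains (examp1e, exarnple)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse(raw: str) -> dict:
    """Return the BEC indicators found in one RFC 5322 message plus a verdict."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    from_domain = domain_of(addr)
    reasons = []

    # 1. Display name of a known executive, but not that executive's real mailbox.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr != expected:
        reasons.append("executive display name with non-roster address")

    # 2. Sender domain one or two edits away from ours (a substituted character).
    if from_domain != CORPORATE_DOMAIN and 0 < edit_distance(from_domain, CORPORATE_DOMAIN) <= 2:
        reasons.append("lookalike sender domain")

    # 3. Replies silently routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append("reply-to domain differs from sender domain")

    # 4. Body asks for a payment-detail change or gift cards (only text/plain parts).
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = ""
    for part in parts:
        if part.get_content_type() == "text/plain":
            body += (part.get_payload(decode=True) or b"").decode(errors="replace")
    has_request = any(p.search(body) for p in REQUEST_PATTERNS)
    if has_request:
        reasons.append("financial request in body")

    # Verdict: identity doubt plus a financial request is held outright; either one
    # alone is flagged so the recipient confirms out of band, as the article advises.
    has_identity = any(r != "financial request in body" for r in reasons)
    if has_identity and has_request:
        verdict = "hold for verification"
    elif has_identity or has_request:
        verdict = "flag for review"
    else:
        verdict = "deliver"
    return {"from": addr, "reasons": reasons, "verdict": verdict}


# Constructed sample messages: one lookalike-domain wire-change request, one genuine mail.
SUSPECT = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@webmail.example
To: accounts@example.com
Subject: Urgent - supplier payment

Please update the bank account for today's wire to the supplier; details to follow.
"""

LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Board pack

Attached is the agenda for Thursday's board meeting.
"""

if __name__ == "__main__":
    for sample in (SUSPECT, LEGIT):
        print(analyse(sample))
```

The verdict deliberately never reaches "deliver" for a message that asks to change payment details, even from a roster address, because the article's own advice is to confirm every such request over a second channel; the rule only decides how loudly to say so.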

“Security awareness training is the first step towards lowering the risk of such assaults. Sometimes people don’t realize how valuable their email accounts are. Use strong and distinct passwords for each of your email accounts, and be cautious not to fall for phishing emails. Your password should have an additional layer, such as two-step or multi-factor authentication. Use a phone call or WhatsApp to confirm any requests for payments or changes to financial information with the receiver when they are not in the band,” advises Collard.

Organizations can use KnowBe4’s free Phishing Security Test to determine whether employees are susceptible to plausible-looking phishing attacks. Use this link to register for the test: https://apo-opa.info/3FW1fuJ. SOURCE: KnowBe4
