Our Risk Management department has recently heard from some of our business customers about an uptick in a very common scheme, the business email compromise (BEC): a hacker gains access to an email account and begins to send emails pretending to be the true email owner.
Hackers often attach malicious content to the emails, all in an attempt to get the victim to click on it and further perpetuate the fraud. Hackers also use BECs to trick victims into believing they are speaking with a known contact, and then attempt to persuade them to provide sensitive information such as usernames and passwords, account information, and personally identifying information.
Business Email Compromises can occur in many different ways. Some of the most common are:
- Using passwords that are easy to guess
- Clicking on fake websites that mirror legitimate websites and steal login credentials
- Unknowingly downloading viruses as a result of navigating to a malicious site or clicking on an email attachment or link
Some red flags that your email may have been compromised are:
- Friends and colleagues receiving emails from you that you didn’t send
- Being locked out of your email account even though you have not changed your password and were able to log in recently
- Seeing additional rules set up in your email settings
- Seeing items in your sent folder that you did not send
Some red flags that you may have received a suspicious email are:
- Grammar mistakes
- Irrelevant context that doesn’t make sense
- Emails asking for personal information
- Emails containing suspicious attachments
As always, if you are not sure if the email is legitimate, call or contact the sender using another means of communication to verify its authenticity prior to opening it or downloading it.
To help protect yourself and your email account, be cautious of what you download and click on, use strong passwords, keep passwords secret, and have good security features on your computer. If you feel that a compromise has happened, call your email service provider for instructions on regaining access. Your computer should also be thoroughly cleaned by a reputable third party to ensure that no additional viruses are present. Then, after your computer has been cleaned, check to make sure emails are not being forwarded out to unknown addresses and check your email signature to make sure it is free of unknown.
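For an administrator who can export a mailbox's rules, the forwarding and unexpected-rule checks described above can be scripted. This is an added example, not part of the original notice; the export format, its field names (`name`, `forward_to`, `redirect_to`) and the sample rules are assumptions constructed for illustration.

```python
from email.utils import getaddresses

# Constructed sample: a hypothetical export of mailbox rules.
# Field names are assumptions, not any mail provider's real schema.
SAMPLE_RULES = [
    {"name": "Newsletters", "move_to": "Reading", "forward_to": []},
    {"name": "Team copy", "forward_to": ["Ops Team <ops@example.com>"]},
    {"name": ".", "forward_to": ["inbox.backup@mail.example.net"]},
    {"name": "Invoices", "redirect_to": ["AP <ap@Example.COM>", "x@example.org"]},
]

FORWARD_FIELDS = ("forward_to", "redirect_to")  # assumed field names


def audit_rules(rules, own_domains, known_rule_names=()):
    """Return (rule name, reason) findings for rules that need a manual look."""
    own = {d.lower() for d in own_domains}
    known = set(known_rule_names)
    findings = []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        # Red flag from the list above: a rule the owner did not set up.
        if known and name not in known:
            findings.append((name, "rule is not one you created"))
        for field in FORWARD_FIELDS:
            # getaddresses accepts both "a@b" and "Display Name <a@b>".
            for _display, addr in getaddresses(rule.get(field, [])):
                domain = addr.rpartition("@")[2].lower()
                if not addr or domain not in own:
                    shown = addr or "<unparseable>"
                    findings.append((name, f"{field} sends mail to {shown}"))
    return findings


if __name__ == "__main__":
    mine = {"Newsletters", "Team copy", "Invoices"}
    for name, reason in audit_rules(SAMPLE_RULES, {"example.com"}, mine):
        print(f"[review] {name!r}: {reason}")
```

Domain matching is exact, so a subdomain such as `mail.example.net` is reported unless it is listed explicitly.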
The Federal Trade Commission (FTC) has some additional resources and tips available on their site at https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/business