Business email compromise or what is commonly known as a B.E.C attack is increasingly being used by cybercriminals to steal large amounts of money from companies. These attacks are usually targeted as opposed to the usual random, automated systems they employ to find new victims, the attackers can take months to thoroughly research targets and work out the company’s internal employee structure and who the Directors and the Chief Financial Officer and stakeholders are when they are on holiday or even away on a business sales meeting. They then contact the C.F.O or administration staff that they know have access to company bank accounts usually with a very convincing looking email, sometimes they can have even breached internal company email systems such as Outlook 365 which can be breached if not protected properly (which frequently isn’t) or they can simply be masquerading as the director requiring a bank transfer for a large amount of money to be transferred to another account, this practice can be common in some of the larger-scale company’s operating in Ireland, the UK and abroad.
They have been known to tailor the amount requested to the size of the company turnover which they will already have established from their research and work out what level of financial transaction would seem acceptable to the internal staff combined with a convincing enough false back-story. From an outside perspective it can seem unlikely that experienced staff would fall for such a ploy, however usually in our experience, it is the most trusted and even intelligent member of staff that falls for this type of attack, intelligent and highly productive staff are usually known to multitask, multiple work tasks at the same time, this can completely shut down the logical part of the brain that otherwise would never fall for this attack.
In our own experiences of meeting companies in Ireland and Northern Ireland in 2019, one, in particular, comes to mind that lost the equivalent of over €55,000, it was a senior, widely recognised as being talented and trusted member of staff that caused the business to lose the income to the scam. This amount pales in comparison to the usual amount stolen which is in excess of €100k This can have a devastating impact on the company stakeholders, its wider reputation with clients, existing staff and the likelihood of future company survival. Business Email Compromise attacks have led to over €23 Billion (yes billion with a B) in fraud globally in the last 6 years, within just this one attack method alone.
For further information and information about our staff training programs and cybersecurity as a service, contact us today.