Blog

Why It’s Important Your Organization Avoids BEC

Why It’s Important Your Organization Avoids BEC

Sometimes the worst scams out there are the simplest ones. Hackers don’t need a fancy or complicated malware or algorithm to create chaos for your organization; all they have to do is convince you that the email you’ve received in your inbox is from someone of authority within your business. Let’s go over how a business email compromise is pulled off and why you need to be wary of threats like these.

What is Business Email Compromise?

Unlike other threats out there, business email compromise, or BEC for short, does not require incredible technical skills to pull off, making it a dangerous prospect indeed. BEC is when a hacker or scammer convinces the user that they are someone within the organization—usually an authority figure or executive—and asks them to transfer funds for a variety of reasons. You wouldn’t believe it, but this kind of request actually works.

After all, nobody likes to turn down a request for help from the boss, right?

According to the FBI, BEC has cost businesses upwards of $43 billion, and this number is growing larger by the day. Furthermore, companies in at least 177 countries have been reported.

How Does BEC Work?

Really, all it takes is for a hacker to do a little bit of research into the organization, determine who they can feasibly impersonate through email, spoof that email account, and contact employees within the organization using that spoofed email address. These types of social engineering attacks are uncomplicated and can pay off in spades if the hacker can manage to pull them off.

Other types of BEC are more dangerous and difficult but are equally lucrative, if not more so. Hackers can break into the actual email account of the executive or employee and keep watch over their inbox to look for legitimate purchases that need to be fulfilled. This combination makes for a dangerous and convincing request, and an eager employee might not think twice before fulfilling the hacker’s request.

What Can You Do About It?

We always like to recommend that you implement the best and brightest email security solutions out there, as well as multi-factor authentication to ensure that anyone who logs into your business-critical applications is who they say they are. Ultimately, however, who falls for business email compromise attacks will largely depend on how well you have trained your staff to identify and respond to these types of attacks. Security training should not be a one-and-done deal; you need to provide comprehensive training during the onboarding process while also providing periodic refreshers to keep security at the top of your team’s mind.

White Mountain IT Services can equip your business with the comprehensive security tools to keep themselves safe, as well as the training needed to identify these types of hacks before they accidentally allow a hacker to make off with your business' hard-earned capital. To learn more about what we can do for your business, reach out to us at 603-889-0800.

Related Posts

I’m talking about when the heir to the Nigerian throne would reach out to your Hotmail account to help him secure his inheritance, or when an attractive woman or man you’ve never met before would email you out of the blue asking if you were single; s...
With countless threats out there waiting for IT professionals to slip up, it’s no small wonder that many of these professionals are opting into what is called a zero-trust policy for their security standards. So, what exactly is a zero-trust policy, ...
We aren’t going to try and pretend that the investments necessary to preserve your business’ data security are small ones. Especially at first glance, you may very well start to question if such an investment is truly necessary. The simple fact of th...
How often do you receive emails from someone written in another language? We bet the answer is “not often,” but you never know when being able to translate an email might come in handy—especially if you ever do business overseas. Let’s go over the bu...
When it comes to your business’ cybersecurity, it can be too tempting to operate under the assumption that the few cybersecurity events you hear about on the news are all that happen. Unfortunately, this is far from actual fact. Let’s review some of ...
No matter how well you protect your network, chances are you’ll suffer from some vulnerability or another. That said, you can take considerable measures toward protecting your business so you don’t have to worry so much about them. Let’s discuss how ...
Due to the almost faceless nature of many cybercrime acts, it can be easy to see them as nothing more than the acts themselves, which is of course not true in the slightest. Behind these attacks are people, and where people performing illegal acts ar...
Imagine this scenario: you’re going about your daily tasks when you receive an email from a cybersecurity company claiming that you have become the target of a hacking attack. Now, you don’t work in IT, so you’re not sure what your security agency is...
Mobile devices have become a key part of our daily lives, to the point that many of us openly feel undressed without our phones. As a result, our phones go everywhere with us. However, it’s important to remember that some applications have requested ...
User authentication is a critical security feature for a business, specifically because it helps to minimize a significant threat to your business. This is why we’re so adamant that you should require multi-factor authentication wherever it is availa...
There is always the possibility that you have been involved with a data breach and you simply have not been contacted by the affected party. Plus, if a hacker has managed to crack a website or service without being detected, you wouldn’t be notified ...
Let’s begin by making one thing abundantly clear—all businesses and industries could potentially be targeted by ransomware, regardless of their size or target audience. However, as of late, some industries have been targeted more and more. Let’s exam...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem NH and Portsmouth NH area.

White Mountain IT Services

 


33 Main St, Suite 302
Nashua, NH 03064

 


121 Riverfront Drive
Manchester, NH 03102

 

Client Help Desk
603-889-2210

 

Open Positions