The current crisis has forced employees of most businesses to work remotely. Consequently, personal mobile and WiFi networks are being used extensively to check official emails or connect to official laptops, instead of the much safer office LAN connections. Cybercriminals are using these vulnerabilities to their advantage, which has led to a spike in email fraud, phishing and ransomware attacks.
Business email compromise (BEC) incidents are currently the most common method of attack. According to the FBI’s 2019 Internet Crime Report, BEC-related frauds alone accounted for 23,775 complaints, leading to losses of over USD 1.7 billion.
Common types of BEC frauds
- CXO frauds: Cybercriminals pose as a senior executive to hack into accounts and send a flagged email requesting a transfer of funds.
- Account compromise: The employee’s email account is hacked, and emails containing an invoice are intercepted so that the amount and bank details can be changed.
- Data theft attacks: A cybercriminal compromises a senior executive’s email account and requests that sensitive corporate information be sent to them.
Here’s what business leaders should ensure as they PLAN to minimise BEC and other cyber frauds:
- Increase awareness of these fraud incidents and phishing attacks amongst employees
- Conduct a spear-phishing campaign within the organisation to check internal
- Identify gaps and design controls around payment processes
- Conduct periodic assessments to identify security loopholes within the organisation