Ever heard of a BEC scam? It's hitting the Illawarra and has the ability to cripple your business's cash flow if you and your team aren't alert. Watch my video to see how scammers are getting away with it.
Hi. Chris Troncone here. IT Service Delivery Manager at The BMS Group.
Have you ever heard of a BEC scam? It's hitting the Illawarra and has the ability to cripple your business's cash flow if you and your team aren't alert.
This is how it often plays out:
A hacker gets access to your network and starts looking around for information about people.
At this point you don't even know they're inside your business.
They're just observing what's going on.
They're completely silent.
They eventually work out who's responsible for bank account transactions.
For example, your Accounts Officer.
They start paying closer attention to any conversations they have in relation to payments and who requests them - perhaps your CEO.
Once they've got enough information, the hacker intercepts your CEO's email address and asks your Accounts Officer to make a bank transfer for $5,000.
The request looks legitimate.
It's from the CEO's email address, it's written in a familiar way and it has your CEO's email signature.
The Accounts Officer replies - merely asking a couple of record-keeping questions about the transaction.
The hacker responds and says it's in relation to the purchase of office furniture.
Nothing unusual about that.
Your Accounts Officer happens to walk past the CEO and asks if they're ready to complete the transaction.
As a safeguard, your business has a two-person approval process in place for any payments over $2,000.
Your CEO says "What transaction?"
Unravel the preceding steps with your CEO and you quickly realise a scam is in play.
Fortunately, there's no financial loss in this instance, but the hacker can still access your network.
Immediately all employee passwords are changed and you notify your IT provider for further help.
This is an example of a Business Email Compromise - a BEC scam.
Hackers are so relentless in their quest to access and use business data for financial gain that they will take their time (weeks or even months), get to know your business intimately from the inside and then attack.
We advise our clients to always hover over an email address if they think it may be suspicious.
In this case it looked legitimate.
Looking back, a blurry email signature photo and a few typos should have raised an alarm that the email was not legitimate.
You can never be complacent.
As hackers get wealthier, they can afford the time to monitor their targets at length before they mimic them and attack with finesse.
If you can spare a few minutes it's worth your team becoming familiar with our hoax email tips.
User education is key to protecting your business.
Of course if you have any questions, please call us on 4254 5444 or email firstname.lastname@example.org.
Thanks for your time!