The web is an ever-expanding universe of resources and services. Using the web, however, requires prudence and constant attention: not only are services multiplying, but so are the risks in the IT sector. Among these is Business E-mail Compromise (BEC), one of the most recent scams. Let’s see what it consists of and how to defend yourself.
Business E-Mail Compromise: What Exactly Is It?
Even simple e-mail, a means of communication used daily by companies and individuals, can hide various pitfalls. When you are the victim of a BEC attack, a cybercriminal assumes the digital identity of a contact known to you in order to trick you into sending money to their bank account or handing over sensitive data.
In the corporate environment, a hacker could pretend to be an executive in order to extract documents or information from employees, or enter into negotiations with suppliers in order to divert payments to their own account; this type of scam can also be encountered in real estate transactions, typically when a cybercriminal assumes the identity of a real estate agent or law firm.
How Can We Defend Against BEC Attacks?
What makes BEC attacks particularly dangerous is their ability to bypass the usual security mechanisms (such as spam and antivirus filters). Besides containing no malware at all, the messages are crafted down to the last detail so that they cannot be distinguished from a legitimate email.
However, there are a number of steps you can follow to avoid falling for a Business E-mail Compromise scam. We have collected some for you:
1) Periodically train your company staff and your customers on cybersecurity so that they are able to defend against the latest forms of BEC attacks. In these cases, knowledge is power.
2) Establish secure procedures for the transfer of money. If you receive an email requesting a change of payment method, verify the identity of the other party by calling a telephone number you already had on record, or even request that a document be delivered in person.
3) When sending invoices, produce a PDF that includes the correct IBAN and digitally sign it, so that the recipient can verify the legitimacy of the data sent.
4) Use Certified Electronic Mail (PEC), whose protocols guarantee the integrity and security of messages and allow you to verify the sender's certified domain.
5) Examine the header of the received email, which contains all the information about its transmission and allows you to verify the authenticity of the sending server. This procedure is rather complex for a user without computer skills, but fortunately there is advanced antispam software that performs these checks automatically: a wise investment in the security of your transactions.
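To make step 5 concrete, here is an added example (written for this article, not code from any antispam product) that reads a raw e-mail with Python's standard `email` module and pulls out the signals a BEC header check looks at: whether Reply-To and Return-Path point to a different domain than the visible From, and what SPF, DKIM and DMARC verdicts the receiving server recorded in its Authentication-Results header (RFC 8601). Both sample messages are constructed; the domains, IP address and the receiving server name `mx.example.com` are invented for the example.

```python
"""Added example: extract BEC-relevant signals from the headers of a
received e-mail.  Illustrative code for this article, not software from
any vendor.  Sample messages, domains and addresses are constructed."""

from email import message_from_string
from email.utils import parseaddr

# Constructed sample: visible From looks like the company's finance director,
# but Reply-To points elsewhere and the receiving server recorded SPF/DMARC failures.
SUSPICIOUS_RAW = """Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.10])
    by mx.example.com with ESMTP id abc123
Authentication-Results: mx.example.com;
    spf=fail smtp.mailfrom=mail-relay.example.net;
    dkim=none;
    dmarc=fail header.from=example.com
From: "Finance Director" <cfo@example.com>
Reply-To: cfo.example@webmail.example.org
To: accounts@example.com
Subject: Urgent: updated bank details for supplier payment

Please use the new IBAN attached for today's transfer.
"""

# Constructed sample of a legitimate internal message for comparison.
CLEAN_RAW = """Return-Path: <cfo@example.com>
Authentication-Results: mx.example.com;
    spf=pass smtp.mailfrom=example.com;
    dkim=pass header.d=example.com;
    dmarc=pass header.from=example.com
From: "Finance Director" <cfo@example.com>
To: accounts@example.com
Subject: Q3 forecast

Attached as discussed.
"""


def parse_auth_results(value):
    """Split an Authentication-Results header into its authserv-id and a
    {method: result} dict.  Property clauses (smtp.mailfrom=...) are ignored."""
    parts = [p.strip() for p in value.split(";")]
    authserv = parts[0].split()[0].lower() if parts[0] else ""
    results = {}
    for clause in parts[1:]:
        if not clause:
            continue
        first = clause.split()[0]
        if "=" in first:
            method, result = first.split("=", 1)
            results[method.lower()] = result.lower()
    return authserv, results


def _domain(address):
    return address.rpartition("@")[2].lower()


def inspect_headers(raw, trusted_authserv="mx.example.com"):
    """Return a list of human-readable findings for a raw RFC 5322 message.
    trusted_authserv is the authserv-id of our own receiving server (assumed)."""
    msg = message_from_string(raw)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_domain = _domain(from_addr)

    # A Reply-To on another domain diverts the conversation away from the
    # person the message claims to come from.
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To domain differs from From domain: {reply_addr}")

    # The envelope sender (Return-Path) should normally match the visible From.
    if return_path and _domain(return_path) != from_domain:
        findings.append(f"Return-Path domain differs from From domain: {return_path}")

    # Only trust Authentication-Results stamped by our own server: a sender
    # can freely insert a forged header carrying the same name.
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, results = parse_auth_results(value)
        if authserv == trusted_authserv:
            auth.update(results)
    for method in ("spf", "dkim", "dmarc"):
        verdict = auth.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method.upper()} result: {verdict}")

    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("clean", CLEAN_RAW)):
        print(f"{label}: {inspect_headers(raw) or ['no findings']}")
```

The `trusted_authserv` check is the detail that makes this more than a string search: Authentication-Results headers are only meaningful when they were added by your own mail server, so verdicts carrying any other authserv-id are ignored. A mismatch finding is a reason to pick up the phone (step 2), not proof of fraud on its own, since legitimate mail sent through a third-party platform can also fail SPF.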