Preventing this sneaky email forwarding scam that will drain your bank account


Because our lives are so intertwined with digital communication today, the threat of email fraud is something we all need to take seriously. Recently, Teresa W. shared a terrifying experience that highlights the dangers of Business Email Compromise (BEC).

“I almost lost many thousands of dollars through an online scam. I got a call from our personal banker who said she saw almost all of the money being withdrawn from our business account. She said she got an email from me along with the money transfer. I told her that I didn’t send it, and she said that my email went directly to her.

“Apparently the thieves got hold of the wiring instructions paper from my email, which they hacked into. They created a rule in Outlook to bypass me if anything came from them and go straight to the banker. They changed the wiring instructions to get into their account, but thank goodness our banker warned me so I could get to the bottom of it. Too close for comfort!”

This incident highlights a sophisticated scam in which cybercriminals gain access to legitimate email accounts and use them to trick others into transferring funds. Teresa’s quick action, combined with her banker’s caution, prevented significant financial loss, but the incident serves as a wake-up call for many businesses.

“You’ve been hacked!” written on the home screen of the laptop (Kurt “CyberGuy” Knutsson)

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a form of cybercrime that targets businesses involved in bank transfer payments and other financial transactions. The FBI reports that BEC fraud has caused billions in losses globally. These scams exploit human psychology rather than technical vulnerabilities, which makes them particularly insidious.

How the scam works

Email hacking: Fraudsters often gain access to email accounts via phishing attacks, where they trick users into revealing their login credentials, or by introducing malware that captures sensitive information.

Creating email rules: Once inside an account, fraudsters can create rules in email clients such as Outlook that redirect or hide certain emails. This means that any communication related to fraudulent activities can go unnoticed by the victim.

Impersonation: The scammer poses as the victim and sends emails to contacts, such as banks or suppliers, asking for urgent bank transfers or sensitive information.

Execution: The scammer provides convincing details and urgency in their requests, making it appear that the email is really from the victim. They may use specific language or references known only to victims and their contacts.
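The "Creating email rules" step above is the one a mailbox audit can catch. The following Python code is an added example, not part of the original article: it flags rules that forward mail to outside addresses or hide mail from a specific sender. The rule dictionaries use Microsoft Graph messageRule field names; the domains, folder names, keyword list and sample rules are assumptions constructed for illustration.

```python
# Added example. Rule dicts use Microsoft Graph messageRule field names; Graph puts a
# folder ID in moveToFolder, shown here as a folder name. All sample values are constructed.
OWN_DOMAINS = {"example-biz.test"}   # assumption: domains the business controls
HIDE_FOLDERS = {"deleteditems", "junkemail", "rssfeeds", "archive"}  # assumption
MONEY_WORDS = {"wire", "invoice", "payment", "bank", "transfer"}     # assumption

def _addresses(entries):
    for e in entries or []:  # Graph-style recipient list -> lower-cased addresses
        yield e.get("emailAddress", {}).get("address", "").lower()

def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing was flagged."""
    if not rule.get("isEnabled", True):
        return []
    findings, act, cond = [], rule.get("actions", {}), rule.get("conditions", {})
    # 1. Mail leaving the organisation through forward or redirect actions.
    for key in ("forwardTo", "redirectTo", "forwardAsAttachmentTo"):
        for addr in _addresses(act.get(key)):
            if addr.rpartition("@")[2] not in OWN_DOMAINS:
                findings.append(f"external {key}: {addr}")
    # 2. Mail hidden from the owner, and whether the hiding targets a sender or payments.
    if (act.get("delete") or act.get("permanentDelete")
            or str(act.get("moveToFolder", "")).lower() in HIDE_FOLDERS):
        findings.append("hides matching mail from the inbox")
        senders = list(_addresses(cond.get("fromAddresses")))
        if senders:
            findings.append("targets sender(s): " + ", ".join(senders))
        text = " ".join(cond.get("subjectContains", []) + cond.get("bodyContains", [])).lower()
        hits = sorted(w for w in MONEY_WORDS if w in text)
        if hits:
            findings.append("targets payment wording: " + ", ".join(hits))
    return findings

def audit_mailbox(rules):  # rule displayName -> findings, flagged rules only
    return {r.get("displayName", "?"): f for r in rules if (f := audit_rule(r))}

SAMPLE_RULES = [  # constructed export, not from a real mailbox
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@"]}, "actions": {"moveToFolder": "reading"}},
    {"displayName": ".", "conditions": {"subjectContains": ["Wire"], "fromAddresses": [
        {"emailAddress": {"address": "banker@bank.test"}}]}, "actions": {"moveToFolder": "rssfeeds"}},
    {"displayName": "backup", "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mail.test"}}]}},
]

if __name__ == "__main__":
    for name, found in audit_mailbox(SAMPLE_RULES).items():
        print(f"{name!r}: {'; '.join(found)}")
```

Run it against rules exported from each mailbox that handles payments, and treat any flagged rule the mailbox owner does not recognize as a sign of compromise.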

Real life implications

The consequences of BEC fraud can be devastating for businesses. In addition to direct financial losses, companies may face reputational damage, loss of customer trust, and possible legal consequences. For small businesses like Teresa’s, which may not have extensive cybersecurity measures in place, the impact can be particularly severe.

Proactive steps to avoid becoming a victim of BEC scams

To combat BEC and similar fraud, companies must adopt a proactive approach to cybersecurity.

1) Have strong antivirus software: Use reputable, up-to-date and strong antivirus software to scan your system. The best way to protect yourself from malicious links that install malware, potentially accessing your personal information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices.

2) Use strong passwords: Make sure passwords are complex (a mix of letters, numbers, and symbols) and unique for each account. Consider using a password manager for generating and storing complex passwords.

3) Enable two-factor authentication: Where possible, enable multi-factor authentication. This adds an extra layer of security to your accounts.

4) Track your accounts: Keep an eye on your financial accounts, email accounts and social media for unusual activity. If you think your identity has been stolen by fraudsters, consider identity theft protection here.

Identity theft protection companies can monitor personal information like your Social Security number, phone number and email address and alert you if it’s being sold on the dark web or used to open an account. They can also help you freeze bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they can include up to $1 million in identity theft insurance to cover losses and legal fees, and a white glove fraud resolution team where a US-based case manager helps you recover any losses. Check out my tips and top picks on how to protect yourself from identity theft.

5) Invest in personal data removal services: Using a data removal service can be an effective additional step to protect your personal data after a potential BEC scam. These services locate and remove your information from various online platforms, databases and data brokers. By removing unnecessary or outdated information, data removal services reduce your online presence, making it harder for fraudsters to find and exploit your information.

While no service promises to remove all of your data from the Internet, a removal service is great if you want to continuously monitor and automate the process of removing your data from hundreds of sites over a long period of time. Check out my top picks for data removal services here.

6) Update security questions regularly: Periodically change the security questions and answers to improve protection.

7) Review email policies regularly: Check for any unauthorized changes to your email settings that could indicate a compromise.

8) Disable automatic forwarding: Unless absolutely necessary, turn off automatic forwarding features to prevent sensitive information from being sent to other locations without your knowledge.

9) Verify requests: Always verify all financial requests with a secondary communication method (e.g., a phone call) before proceeding with transactions.

10) Limit access: Limit access to financial information and transactions to only those who need it within your organization.

11) Contact professionals: If you are unsure about any step or if the situation seems serious, consider contacting a professional IT service.

12) Report an incident: Report the fraud to your local authorities and the Federal Trade Commission in the USA.

13) Create alias email addresses: My top recommendation to avoid being inundated with spam is to use an alias email address. An alias email address is an additional email address that can be used to receive email in the same mailbox as the primary email address. It acts as a forwarding address, directing email to the primary email address.

In addition to creating disposable email accounts for online applications and other circumstances where you don’t want to reveal your primary email address, alternate email addresses are useful for handling and organizing incoming communications.

Sometimes it’s best to create a variety of email aliases so you don’t have to worry about getting a bunch of spam and eventually having your email stolen in the event of a data breach. With an alternate email address, you can stop receiving constant spam by simply deleting that address. Check out my review of the best secure and private email services here.

Kurt’s key takeaways

The story shared by Teresa W. serves as a crucial reminder of the vulnerability inherent in our digital communications. The rise of BEC fraud not only threatens financial security, but also erodes trust in electronic transactions. By implementing strong security measures and maintaining vigilance at all levels of the organization, individuals and businesses can protect themselves from these insidious attacks.

Copyright 2024 CyberGuy.com. All rights reserved.


