What is BEC?
- September 5, 2019
- Posted by: Kerry Tomlinson, Archer News
- Category: Archer News, Ask Archer, Cyber Crime, Cyber Crime, Cyberattack, Cyberattack, Posts with image, Secure Messaging, Secure Messaging
BEC stands for “business email compromise.”
It also means “you got hacked and scammed.”
Here’s how they do it —and how to protect yourself.
BEC means “business email compromise” — or in this case, “Batcave email compromise.”
Robin gets what he thinks is an email from his boss, telling him to pay an urgent bill.
$1 million is overdue for lobster thermidor, Batman’s favorite dish according to the Lego Batman movie.
Robin sends off the money, only to find out it’s really the villain Two-Face using Batman’s email address.
Think it won’t happen to you?
The Treasury Department says U.S. businesses are losing $300 million dollars to BEC every month, with 1100 new victims every thirty days.
How Do They Do It?
The crooks often start with a phishing email asking you to update the password on your email account, for example.
They take your password and take over your account, using it to get more access through the company.
Then they send a fake invoice to the finance department and convince employees to send a payment to their bank account, rather than the real vendor’s bank account.
A county in North Carolina paid $2.5 million to BEC scammers pretending to be contractors in July.
Also, the FBI just announced that BEC scammers took $11 million from Caterpillar.
Taking things to a new level, some BEC scammers used a fake computer voice to simulate a call from a German CEO and steal a couple hundred grand from an energy business in the UK in March.
The crooks — using a “deepfake” voice — called and told the energy business representative that they needed a $200,000-plus payment send to Hungary within the hour.
The victim grew suspicious when the “German CEO” called back for more money to a new location.
What Can You Do?
—Watch out for phishing emails and don’t click on links to reset passwords.
—Check the email sender carefully.
—Hover your mouse over links to see where they really lead.
—Make sure you have two-factor authentication, so if they do get your password, they can’t get into your account.
Experts recommend you call to verify payment requests that come in by email.
However, with the new phone attack with a fake computer voice, there are some added tips:
—Make sure you are the one calling to verify, rather than receiving the call.
—Call a number you know or you look up, rather than calling the number you receive in email or via phone call.
—Be careful of urgent requests for payment.
—Better yet, verify in person if possible.
See more “What is?” questions at Archer News:
Main image: Batman at desk. Image: cjmacer