That flowery email from a Nigerian Prince who can’t spell has been supplanted by a far more dangerous phish — the Business Email Compromise (“BEC”). According to the FBI, in the past two years over 8,000 businesses, small and large, have been victimized by BEC attacks for combined losses of over $1.2 billion.
What is BEC? BEC is a sophisticated hack in which a scammer (usually impersonating the boss) instructs an employee to send money or sensitive data to what appears to be a vendor or other plausible business recipient. In some cases, the hacker infiltrates the company’s email system and sends the email from a recognized address. In others, the sender’s address differs from a legitimate one by only a minor change. BEC hackers also research social media and company websites to mimic communication styles and to reference actual company matters.
The best defense against BEC is solid HR training: require in-person confirmation of payment requests; educate personnel in cyber-security; and train employees never to deviate from normal checks and controls.
Farrow-Gillespie & Heath LLP provides employment law training and HR counseling for cyber-related issues, along with insurance policy review for coverage related to cyber attacks.