Cyber attacks are becoming more common by the day. Most people have heard of ransomware, but a growing trend is what’s called business email compromise (BEC). I know, who thought up that winner of a name…
So what does that really mean? Basically, it’s fraud via email. It’s not installing something bad or stealing your accounts; they are just convincing you to do something by emailing you.
Recently, several high-profile Canadian cities have fallen victim: https://saskatoon.ctvnews.ca/how-other-canadian-municipalities-lost-money-to-fraudsters-and-hackers-1.4552021
Here is the most common way it happens. The bad guy creates an email account that sounds like one of your vendors. Then they email you pretending to be that vendor and tell you that they need to change their bank account info because they switched banks. Now, the next time you pay that vendor, who gets the money? Hint: it’s not your vendor. Normally, by the time your vendor contacts you to ask where their money is, your payment has been moved through a bunch of accounts and it’s gone forever.
The biggest problem with this attack is that there are no good technical ways to defend against it. It’s just an email that looks legitimate, so no antivirus in the world is going to do a thing about it.
What to do about it?
There are two main ways to defend against it.
The first and most important is to change your process around things like bank account changes. For starters, don’t accept changes via email. If you get an email asking for a change, call the vendor and double-check. Now there is a big caveat here: do not call the number from the email. Go and look up the company yourself, Google it or whatever.
The second thing to do is to improve your email protection, and use a product that does everything possible to filter out these kinds of messages. These are not normal spam, and normal spam blockers won’t do anything for you. You need one built specifically to stop phishing emails like these.
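A rough sketch of the kind of check such a filter makes, added here as an example and not taken from any product. It flags mail from a near-miss of a vendor domain you have on file, mail that uses a vendor’s name from some other domain, and any request to change bank details, so those messages go through the call-back check first. The vendor list, domains and sample messages are constructed, and the distance threshold of 2 is an assumption.

```python
import re
from email.utils import parseaddr

# Constructed vendor list (assumption): the domain you have on file for each vendor.
VENDORS = {"Acme Supplies": "acme-supplies.example",
           "Northwind Paving": "northwind-paving.example"}

# Wording typical of a request to change where payments go.
BANK_CHANGE = re.compile(
    r"\b(chang|updat|new|switch)\w*\b.{0,60}\b(bank|account|routing|remittance)\w*",
    re.IGNORECASE | re.DOTALL)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(from_header, body, max_distance=2):
    """Return the reasons a message needs a phone call-back before anyone acts on it."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    reasons = []
    for name, vendor_domain in VENDORS.items():
        if domain == vendor_domain:
            continue  # exact match with the domain on file
        if edit_distance(domain, vendor_domain) <= max_distance:
            reasons.append(f"lookalike of {vendor_domain}")
        elif name.lower() in display.lower():
            reasons.append(f"uses the name {name} from another domain")
    # A bank change always needs the call-back, even from the right domain.
    if BANK_CHANGE.search(body):
        reasons.append("asks for a bank account change")
    return reasons

if __name__ == "__main__":
    # Constructed sample messages.
    change = "We have switched banks. Please update our account details before the next payment."
    samples = [
        ("Acme Supplies <billing@acme-supp1ies.example>", change),
        ("Northwind Paving <northwind.paving@freemail.example>", "Invoice 1042 attached."),
        ("Acme Supplies <ar@acme-supplies.example>", "Invoice 1043 attached."),
    ]
    for sender, body in samples:
        print(sender, "->", triage(sender, body) or "no flags")
```

A message with no flags is not proof that it is genuine; the flags only decide which mail gets held for the phone check.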
If you need help with checking your processes or setting up anti-phishing protection (it starts under $20 a month; it’s really not bad at all), reach out and I would love to help you protect your business.