Beware of Targeted Business Email Compromise Attacks

As cyber criminals continue to hack into email systems to gain information, we must stay vigilant to avoid becoming a victim of a scheme known as Business Email Compromise (BEC). This is a type of cyber-attack where the criminal impersonates an executive or supplier, or another known entity, and requests seemingly legitimate business payments. Because the emails look authentic and seem to come from a known authority figure and valid email, many employees comply. But later they discover they’ve been tricked into wiring money or depositing checks into criminals’ bank accounts.

Being alert and independently verifying any email asking you to update payment information or provide sensitive data is the best way to stop such an attack. Validate the request by phone or in-person (if possible) even if the request seems urgent. Don’t use the phone number given in the email; instead use the phone number you have used before or obtain it independently.

Be careful what you share online. By sharing things like pet names, schools you attended or your birthday, you are inadvertently giving a scammer the information they need to guess your password or answer security questions. Never share any company confidential data on social media. The fraudster uses this information to compromise your email and pose as you.

Timely reporting of suspicious emails (Phish) is the best way for us to prevent scammers gaining a foothold and compromising your email in the first place. A phishing email is usually the starting point of a BEC attack where the scammer gains access to your Inbox and can then impersonate you and contact your colleagues to make seemingly genuine requests.  As a reminder, a phishing email is different than a BEC attack in that it typically originates from an external unknown source and tricks you into opening an infected email or clicking on a malicious link. Therefore, if you see a suspicious looking email, report it by clicking on the Report Phishing Button in Outlook.

Our Cyber Security team will investigate reported emails as potential phishing attacks. It’s ok if you report a harmless email. But if the email is malicious, the intel you have provided will help Cyber Security determine the attack’s source and prevent similar attacks on our company. To learn more about Phishing emails and how to protect yourself download this Cyber Security Job Aid – Report Phishing.

For questions, please email