Business email compromise (BEC), is when an attacker gets into a company’s email and pretends to be someone important, like a boss or an employee. They do this to trick others in the company or their clients into doing things that can cost the company money or expose secret information.
Recently, we witnessed a disheartening incident involving one of our valued clients. A customer of our client had their business email account compromised, leading to a domino effect of costly consequences. Here’s what happened:
Our client sent a $6,000 invoice to their customer. On arrival it was intercepted and diverted to a threat actor that had compromised the email account. The threat actor then created a near identical invoice, with altered banking details, and sent it to our client’s customer.
Regrettably, our clients customer unknowingly paid the fraudulent invoice. At no time was our customer’s systems compromised but they are still left having to fight to get paid.
This alarming incident highlights the very real threat of email compromise that can impact any business, regardless of its size. But fear not, we’re here to help you protect your venture!
Protect Your Business
Use Your ABN as Your PayID
Start using your Australian Business Number (ABN) as your PayID. It adds an extra layer of security to your transactions, making it more difficult for fraudsters to intercept and manipulate payment details. Advise your customers verbally that PayID is your preferred payment method and that your business name should be displayed when they make the payment.
Multi-Factor Authentication (MFA)
Enable MFA on all your accounts, especially your email and financial platforms. This ensures that even if your password is compromised, a second authentication step is required for access. Talk to Qbit if you don’t have MFA enable.
Educate Your Team
Train your employees on the importance of cybersecurity. Teach them to recognize suspicious emails and encourage reporting them immediately. Talk to Qbit about implementing Quick 5-minute training videos once a month.
Regularly Update and Secure Your Systems
Keep your software and systems up-to-date. Implement strong passwords and change them regularly. Your Windows / Microsoft 365 password should only be used for this purpose and all other passwords should be in a password vault.
Verify Payment Details
Always verify any change in payment details with a trusted source, especially when dealing with large transactions. A quick phone call can save you from falling into a trap. Take Action Now!
Get A Free Security Audit
Worried about your business’s cybersecurity? Call Qbit for a FREE security audit! Don’t leave your business’s security to chance. Get expert advice today.