Is Your Business Safe From a Business Email Compromise Claim?
Author, Jeremy Hoolihan, Account Executive, Rancho Mesa Insurance Services, Inc.
Cybercrimes are at an all-time high. News sources report cybercrimes almost on a daily basis with most of the press relating to company breaches and cyber extortion. However, one of the biggest cyber threats that is often overlooked is Business Email Compromise (BEC).
BEC is a type of email cybercrime scam in which an attacker targets a business to defraud the company. BEC attacks use real or impersonated business email accounts to defraud employees. In 2020, BEC scammers made over $1.8 billion – far more than any other type of cybercrime.
In this type of cybercrime, the scammer sends an email that looks like it came from someone the recipient knows, like a superior or co-worker, and asks them to do perform a task. For example, the email may request:
A change to a vendor’s mailing address so future payments are sent to the scammer and not to the actual vendor.
An employee to purchase gift cards for a charity auction or employee rewards and then asks for the serial numbers on the cards so the scammers can use them without ever having the physical card.
A client is sent an email with wire instructions for payment of an invoice that appears to come from your company, but instead it is for the scammer’s bank account.
BEC scams use a variety of impersonation techniques. The following 3 techniques tend to be the most common:
A spoofed email address or website often has a slight variation from the legitimate address or URL. At a quick glance, the spoofed email address may fool victims into thinking it’s authentic. However, upon a closer look, an “L” might be switched out for a “I” or an “0” for an “o.”
Phishing emails appear to come from a trusted sender in order to trick the victim into providing personal or confidential information like account numbers, usernames, personal identification numbers, passwords or answers to security questions. Then, the information is used to gain access to networks, accounts, and other data.
Cyber criminals can infiltrate a company’s network using malicious software and gain access to networks and legitimate emails, often getting information about billing and invoices. This type of cybercrime is often unnoticed until it is too late.
For ways on how to protect your business from BEC claims, Rancho Mesa recommends first starting with a Cyber Liability policy. A comprehensive Cyber Liability policy will not only respond to BEC claims, but it can also provide coverage for other cybercrimes such as cyber extortion, cyber breach, and network security. If you have an interest in obtaining a Cyber Liability policy please feel free to reach out to me at 619-937-0174 or jhoolihan@ranchomesa.com.