Three Misconceptions about Business Email Compromise (BEC) Attacks, Debunked

December 02, 2016
Nikki Cosgrove

Highly targeted, low-volume business email compromise (BEC) scams are one of the biggest threats to companies today. Unlike traditional high-volume credential phishing attacks, BEC is a form of highly targeted email spoofing that impersonates corporate identities to solicit fraudulent wire transfers and to steal company data, credentials and other confidential information. Because they rarely contain malicious links or attachments, BEC scams are extremely difficult to prevent.

Unfortunately, too many organizations are guided by false information about the gravity of this rising threat and how to fight it.

Below, we explore and debunk three common misconceptions about BEC attacks. To learn more, we encourage you to join our webinar “How to Fight the Next Generation of BEC Attacks” next Tuesday, December 6, at 10 a.m. PT, when we will be diving deeper into the BEC problem and best practices for fighting back.

Misconception #1: Education should be your company’s first line of defense.

There’s no doubt that education about email fraud is important, especially amongst the C-suite. Unfortunately, it is not sufficient as a first line of defense against BEC. To remove the guesswork from users entirely, companies must upgrade to the latest version of their secure email gateways and leverage email authentication controls, including DMARC (Domain-based Message Authentication, Reporting and Conformance), to detect and block all spoofed email addresses while maintaining the delivery of legitimate email.

Misconception #2: BEC hasn’t happened at my organization...and probably won’t.

When it comes to cybercrime, it’s easy to think it won’t happen to you. But wishful thinking is dangerous. According to a recent Proofpoint analysis, 80 percent of organizations experienced at least one BEC attack within one month. Just because you haven’t yet detected phishing attacks does not mean your employees and customers are safe. As we’ll explore in next week’s webinar, you’re probably getting hit by BEC attacks, and gaining visibility is a crucial first step in addressing the problem.

Misconception #3: BEC is security’s problem—it doesn’t have a huge impact on the business.

Too often, organizations don’t prioritize BEC protection because they underestimate the business impact of an insecure email channel. The truth is, BEC directly impacts your business’ bottom line. Just take a look at what BEC attacks cost eight companies in the past two years:

Perhaps the most devastating reality for these companies is that with the right technology, the majority of these attacks could have been prevented.

Ready to learn about how to fight BEC attacks and protect your organization? Register here to join our webinar next Tuesday, December 6. Even if you can’t make it for the live session, we will send you the recording if you sign up.