Freely subscribe to our NEWSLETTER

“The important part of International Fraud Awareness Week is awareness. With our rapidly changing world, there are new types of fraud every day. Yet, even with these new types of fraud there are some old favourites for criminals that will be with us for the foreseeable future.

“One of the most enduring and profitable is Business Email Compromise (BEC). This is when an attacker is able to gain access to a business email account, allowing them to send emails from the compromised account and potentially intercept business transactions.

“BEC often stems from emails where an attacker attempts to lead the victim to a fake login page. This page allows them to collect a user’s username, password, and any other login details, like multifactor authentication tokens. Once the attacker has this data, they log in as the victim and set up inbox rules to hide incoming emails: these emails may be about financial transactions, notifications regarding payroll changes, or emails from others trying to warn the user about abnormal behaviour from their account. These rules really depend on what type of fraud the criminal plans to attempt.

“The good news is there are ways to avoid falling victim to such attacks. Many organisations build in technological solutions to help prevent malicious emails from landing in user’s inboxes by automatically detecting suspicious indicators. Users can also protect themselves and their organisations by flagging any emails that appear suspicious to their security teams. This includes emails that may be coming from someone familiar but are requesting changes to details, such as banking information. This again brings us to awareness: it’s important to be aware that attackers will leverage victim accounts through BEC, and we need to be ready for it. “