Businesses and individuals find themselves increasingly threatened by ever more imaginative and vicious scams to steal from them – directly and covertly. Two of the latest popular methods are the Business E-mail Compromise (BEC) scheme and Ransomware attacks.
Business E-mail Compromise (BEC)
BEC is a sophisticated form of wire transfer fraud that is becoming more commonly used against U.S. businesses. To perpetrate a BEC, fraudsters typically compromise a legitimate business email account, mostly that of a CEO or CFO, and use it to send wire transfer instructions to a company employee, misleading the employee into thinking that the instructions came from the CEO/CFO. There are other BEC “flavors”, all exploiting people’s tendency to believe and comply with messages from high executives.
Businesses should be aware of this threat, and adjust their wire transfer practices so as to minimize their exposure to such a risk. Mitigating steps include:
- Verifying wire transfer rules and adhering to them
- Requiring a double check mechanism for wire transfer approvals (above a certain sum)
- Requiring multiple signatures on wire transfers (above a certain sum)
- Verifying transfer instructions with vendors and suppliers
Ransomware is malware (an invasive computer program) that cyber criminals use to take over a victim’s computer, restrict access to it by encrypting it, and demand a ransom in order to remove the restrictions.
Mitigating Against Ransomware
The most important mitigation against ransomware is to ensure that the business has a viable Continuity of Operations plan (COOP) in operation, including rigorous back-ups. Current back-ups of your data and software are vital to mitigate harm from ransomware.
Another essential mitigating policy is rigid avoidance of “trips” to unknown sites, and of opening programs and/or attachments whose identity and safety one is not absolutely certain of.
To learn more about these vulnerabilities, and the ways to mitigate against them, you can contact TAL Global; you can also download the following documents, prepared by the United States Secret Service: