Today, as our lives are so intertwined with digital communication, the threat of email fraud must be taken seriously by all of us. Teresa W. recently shared a frightening experience that highlights the dangers of business email compromise (BEC).
“I almost lost thousands of dollars to Internet fraud. My personal bank representative called me and said she had seen almost all the funds in my business account withdrawn. I told her I didn't send it and she said my email came directly from me to her and that I would stop everything and get to the bottom of it.
“Apparently, the thieves got the wiring instructions document from my email and hacked it. They set a rule in Outlook that if you receive any email, ignore me and go straight to your banker. They changed the wiring instructions and sent it to my email address. But thankfully the banker alerted me and I found out the truth.”
The incident highlights a sophisticated scam in which cybercriminals gain access to legitimate email accounts and use them to trick others into transferring funds. Teresa's quick action, combined with her banker's vigilance, averted significant financial losses, but this is a wake-up call for many businesses.
What is Business Email Compromise (BEC)?
Business email compromise (BEC) is a type of cybercrime that targets businesses involved in wire transfers and other financial transactions. The FBI reports that BEC fraud causes billions of dollars in losses worldwide. These scams are especially insidious because they exploit human psychology rather than technological vulnerabilities.

How the scam works
Email hacking: Scammers often gain access to email accounts through phishing attacks, tricking users into revealing their login credentials, or by introducing malware that captures sensitive information.
Creating email rules: Once in your account, scammers can create rules to redirect or hide certain emails in email clients like Outlook. This means that communications related to fraudulent activity may go unnoticed by the victim.
Impersonation: Scammers impersonate victims and send emails to contacts, such as banks or vendors, requesting urgent wire transfers or sensitive information.
Execution: Scammers provide convincing details and urgency in their requests to make it appear as if the email is truly from the victim. They may use specific words or references that only the victim and their contacts know.

Impact on real life
The impact of BEC fraud can be devastating for businesses. In addition to direct financial losses, businesses may face reputational damage, loss of customer trust, and potential legal repercussions. For small businesses like Teresa's, which may not have extensive cybersecurity measures in place, the impact can be particularly severe.

Precautions to avoid becoming a victim of BEC fraud
To combat BEC and similar scams, businesses must take a proactive approach to cybersecurity.
1) Use strong antivirus software: Check your system with reliable, up-to-date and powerful antivirus software. The best way to protect yourself from malicious links that can install malware and access your personal information is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2025 for Windows, Mac, Android, and iOS devices.
2) Use strong passwords. Make sure your password is complex (a combination of letters, numbers, and symbols) and unique for each account. Consider using a password manager to generate and save complex passwords.
3) Enable two-factor authentication. Enable multi-factor authentication if possible. This adds an extra layer of security to your account.
4) Monitor your account. Always monitor your financial accounts, email accounts, and social media for unusual activity. If you think a scammer has stolen your personal information, consider identity theft protection here.
Identity theft companies monitor your personal information, such as your social security number, phone number, and email address, and alert you if it is sold on the dark web or used to open an account. It can also help freeze bank and credit card accounts to prevent further misuse by criminals.
One of the best things about using some of our services is identity theft insurance of up to $1 million to cover your losses and legal costs, as well as an excellent fraud insurance policy with a US-based case manager to help you recover your losses. It includes a resolution team. Check out our tips and recommendations on how to protect yourself from identity theft.
5) Invest in a personal data deletion service: Using a data deletion service can be an effective additional step to protect your personal information after potential BEC fraud. These services locate and remove your information from various online platforms, databases, and data brokers. Data deletion services minimize your online presence by removing unnecessary or outdated information, making it harder for fraudsters to find and misuse your data.
No service promises to remove all data from the Internet, but if you want to constantly monitor and automate the process of removing information from hundreds of sites over an extended period of time, a removal service is a good option. Check out my recommended data deletion services here.
6) Update your security questions regularly. Regularly change your security questions and answers for added protection.
7) Review your email rules regularly. Check for unauthorized changes to email settings that may indicate a compromise.
8) Disable automatic forwarding. Unless absolutely necessary, turn off automatic forwarding to prevent sensitive information from being sent elsewhere without your knowledge.
9) Verify requests. Always confirm a financial request through a secondary communication method (such as by telephone) before proceeding with any transaction.
10) Restrict access: Restrict access to financial information and transactions to only those within your organization who need it.
11) Contact an expert: If you are unsure of the steps or if the situation seems serious, consider contacting professional IT services.
12) Report the incident. Report the scam to your local authorities and to the Federal Trade Commission in the US.
13) Create an alias email address. To avoid being flooded with spam emails, I recommend creating an alias email address. An alias email address is an additional email address that you can use to receive email in the same mailbox as your primary email address. This acts as a forwarding address and forwards emails to your primary email address.
In addition to creating disposable email accounts for online sign-ups and other situations where you don't want to reveal your primary email address, alias email addresses can help you process and organize the communications you receive.
In some cases, it's best to create different email aliases so you don't have to worry about receiving a ton of spam emails or eventually having your emails stolen in a data breach. Alias email addresses are a great way to stop ongoing spam: you simply delete the alias address. Read my review of the best secure and private email services here.
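The rule-creation step described under "How the scam works" and precautions 7 and 8 come down to reading each mailbox rule and asking where it sends or hides mail. The Python below is an added example, not part of the original article; the rule field names, the example.com domain and the sample rules are constructed assumptions rather than any mail client's real export format.

```python
# Added example: audit a list of mailbox rules for signs of BEC tampering.
# Field names are an assumed export format, not a real mail client's API.
OWN_DOMAINS = {"example.com"}  # assumption: domains the mailbox owner controls
HIDING_FOLDERS = {"rss feeds", "conversation history", "junk email",
                  "deleted items", "archive"}
MONEY_WORDS = {"wire", "invoice", "payment", "bank", "transfer"}

SAMPLE_RULES = [  # constructed sample data
    {"name": "Newsletters", "from_contains": ["news@"],
     "move_to_folder": "Reading", "mark_read": False},
    {"name": ".", "subject_contains": ["wire", "invoice"],
     "move_to_folder": "RSS Feeds", "mark_read": True},
    {"name": "backup", "forward_to": ["collector@mail-archive.invalid"]},
    {"name": "Team copy", "forward_to": ["assistant@example.com"]},
]

def external(addresses):
    """Return the addresses whose domain is not one of OWN_DOMAINS."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].lower() not in OWN_DOMAINS]

def audit_rule(rule):
    """Return a list of reasons this rule deserves a manual look."""
    findings = []
    out = external(rule.get("forward_to", []) + rule.get("redirect_to", []))
    if out:
        findings.append("sends mail to external address: " + ", ".join(out))
    if rule.get("delete"):
        findings.append("deletes matching mail")
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in HIDING_FOLDERS:
        findings.append(f"moves mail to rarely viewed folder '{folder}'")
    if rule.get("mark_read") and (folder or rule.get("delete")):
        findings.append("marks mail as read while moving or deleting it")
    hits = MONEY_WORDS & {w.lower() for w in rule.get("subject_contains", [])}
    if hits and findings:
        findings.append("targets financial keywords: " + ", ".join(sorted(hits)))
    if not rule.get("name", "").strip(" ."):
        findings.append("blank or punctuation-only rule name")
    return findings

def audit(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    report = {r.get("name", ""): audit_rule(r) for r in rules}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(repr(name), "->", "; ".join(findings))
```

A finding is a prompt to check the rule by hand, not proof of compromise; a rule the account owner does not remember creating is the stronger signal.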
Kurt's key takeaways
The story Teresa W. shared serves as an important reminder of the vulnerability inherent in our digital communications. The rise in BEC fraud not only threatens financial security but also undermines trust in electronic transactions. By implementing robust security measures and maintaining vigilance at all levels of the organization, individuals and businesses can protect themselves from these insidious attacks.
What further steps do you think businesses and government agencies should take to effectively combat the growing threat of email fraud? Email us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.





