Warning Signs
Business Email Compromise (BEC) attacks can be sophisticated, but there are several warning signs that organizations and individuals should be aware of to help detect and prevent falling victim to such attacks:
- Unexpected or Unusual Requests: BEC attacks often involve requests for urgent or unexpected actions, such as wire transfers, changes to payment instructions, or requests for sensitive information. Be cautious of any unexpected requests, especially those that deviate from established protocols or standard procedures.
- Email Spoofing or Impersonation: BEC attackers may spoof or impersonate legitimate email accounts or domains to make their emails appear authentic. Look for signs of email spoofing, such as slight variations in email addresses or misspelled domains, and be cautious of emails that appear to be from known contacts but contain unusual content, formatting, or language.
- Urgency or Pressure: BEC attackers often use urgency or pressure to manipulate victims into taking hasty actions without proper verification. Be cautious of emails that create a sense of urgency, pressure, or fear, and always take the time to verify requests through trusted channels before taking any actions.
- Changes to Payment Instructions or Account Information: BEC attacks may involve requests to change payment instructions or account information, such as redirecting payments to a different bank account or payment processor. Always verify any changes to payment instructions or account information through trusted and verified channels, such as in-person or phone verification.
- Unusual Requests for Information: BEC attackers may request sensitive information, such as usernames, passwords, financial data, or personally identifiable information (PII). Be cautious of any requests for sensitive information, especially if they are unusual or not in line with established protocols.