Business email compromise scams are a constant cybersecurity concern for organizations of all shapes and sizes, as well as for high net-worth individuals. How can you protect yourself from business email compromise scams? Can insurance help?
Business email compromise
Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.
In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:
- A vendor your company regularly deals with sends an invoice with an updated mailing address.
- A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
- A homebuyer receives a message from his title company with instructions on how to wire his down payment.
Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.
How criminals carry out BEC scams
A scammer might:
- Spoof an email account or website. Slight variations on legitimate addresses (email@example.com vs. firstname.lastname@example.org) fool victims into thinking fake accounts are authentic.
- Send spear-phishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
- Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
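A defender-side check for the address-spoofing technique in the first bullet, as an added example that is not part of the original article: it flags sender domains that match a trusted domain after look-alike characters are normalized, or that sit within a small edit distance of one. The trusted-domain list, the substitution table, and the sample addresses are constructed for illustration.

```python
from typing import Optional, Tuple

# Constructed assumptions: domains your organization actually does business with.
TRUSTED = {"examplecompany.com", "example-title.com"}

# Common visual substitutions, collapsed before comparison (multi-char first).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(domain: str) -> str:
    """Collapse look-alike character sequences to one canonical form."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify_sender(address: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_domain) based on the address's domain part."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in TRUSTED:
        return "trusted", None
    for good in sorted(TRUSTED):
        # Same skeleton but different spelling: a homoglyph-style imitation.
        if skeleton(domain) == skeleton(good):
            return "lookalike", good
        # A typo-sized difference from a trusted domain: an extra or swapped letter.
        if edit_distance(domain, good) <= max_distance:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ["billing@examplecompany.com", "billing@examplecornpany.com",
                   "closing@examp1e-title.com", "ap@examplecompanny.com",
                   "news@unrelated-vendor.org"]:
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a triage signal for payment-related mail, not proof of fraud: an unrelated legitimate domain can fall within the distance threshold, so a flagged message should be held for out-of-band verification rather than discarded.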
How to protect yourself
If you or your company fall victim to a BEC scam, it’s important to act quickly:
- Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent.
- Contact your local FBI field office to report the crime.
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Get cyber insurance.
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber-attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Please contact CMR & Associates for help in determining the best cybersecurity coverage for businesses and high net-worth individuals.
About CMR & Associates + PolicySmart™
CMR & Associates’ risk management consultants provide independent retirement and insurance advice by reviewing your current plans to improve coverage and reduce cost. Through CMR’s proprietary database – The CMR Database® (comprised of some 13,000 brokers and specialists globally), we maximize access to the insurance and retirement industry for greater options that will translate to better coverage and lower cost.
Please email CMR & Associates or call 877-447-4301 or 212-447-4300 for more information.