According to Symantec’s 2016 Internet Security Threat Report (1), cybercrime attacks on small and medium-sized businesses (SMEs) have been increasing steadily over the last five years.
Although many of the high-profile cases covered in the media involve large corporations, 43% of spear-phishing attacks – which use emails to trick recipients into clicking on a link and/or entering their confidential credentials – blocked by Symantec in 2015 were waged against companies with fewer than 250 employees. Another 22% targeted those with between 250 and 2,500 employees.
The fact is, no business is too small to be a victim, and fraudsters are constantly devising new ways to steal information and money. One recent and growing online security threat is Business Email Compromise, also known as CEO Fraud and Chairman Fraud.
What is Business Email Compromise?
A business email compromise scam is a form of social engineering that involves a fraudster sending an email to a company’s payments team impersonating a contractor, supplier, creditor or even someone in senior management.
For example, the payments team may receive an email appearing to be from the CEO asking that an urgent payment be made.
Very often the email also instructs the recipient not to discuss the matter with anyone else.
In other scenarios, the payments team might receive an email or forged letter from a supplier advising that their account numbers have changed and requesting all future payments be made to the new account.
In both cases, this type of fraud can be difficult to detect since the sender’s email address appears to match that of a known address. Cybercriminals may sometimes even hack into a specific person’s actual email account – making the fraud very difficult to identify.
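The scenarios above can be turned into a simple screening check for a payments mailbox. The following Python sketch is an added example, not part of the original article; the known domains, the wording patterns, the 0.85 similarity threshold and the sample messages are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the payments team normally deals with (constructed values).
KNOWN_DOMAINS = {"example.com", "supplier.example"}

# Content signals for the scenarios described above; the patterns are illustrative.
CONTENT_RULES = {
    "urgent_payment": re.compile(r"\burgent\w*\b.*\b(payment|transfer)\b", re.I | re.S),
    "secrecy": re.compile(r"\b(do not|don't)\s+(discuss|mention|share)\b", re.I),
    "account_change": re.compile(r"\baccount (number|detail)s?\b.*\bchanged\b", re.I | re.S),
}

def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None if it is known or unrelated."""
    if domain in KNOWN_DOMAINS:
        return None
    for known in sorted(KNOWN_DOMAINS):
        if SequenceMatcher(None, domain, known).ratio() >= 0.85:
            return known
    return None

def bec_indicators(raw):
    """Return the sorted list of indicators found in one raw, single-part text email."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = [name for name, rx in CONTENT_RULES.items() if rx.search(text)]
    if lookalike_of(domain):
        hits.append("lookalike_sender")
    return sorted(hits)

# Constructed sample messages, not real mail.
SPOOFED_CEO = ('From: "Jane Doe (CEO)" <jane.doe@examp1e.com>\nSubject: Urgent payment\n\n'
               "I need an urgent payment made today. Please do not discuss this with anyone else.\n")
HACKED_SUPPLIER = ("From: accounts@supplier.example\nSubject: Updated bank details\n\n"
                   "Our account numbers have changed. Please make all future payments to the new account.\n")
ROUTINE = ("From: accounts@supplier.example\nSubject: Invoice 1042\n\n"
           "Please find attached this month's invoice. Payment terms are the same as before.\n")

if __name__ == "__main__":
    for name, raw in [("spoofed CEO", SPOOFED_CEO), ("hacked supplier", HACKED_SUPPLIER), ("routine", ROUTINE)]:
        print(f"{name}: {bec_indicators(raw)}")
```

The supplier sample is sent from a genuine known address, as in the hacked-account case, so the sender check finds nothing and only the account-change wording is flagged.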
(1) The Symantec 2016 Internet Security Threat Report can be downloaded at: https://www.symantec.com/security-center/threat-report