What is business email compromise (BEC)?
There has been a significant increase in the number of BEC scams in recent times. A publication released by the Australian Cyber Security Centre (ACSC) shows total losses for the 2020–21 financial year were approximately $81.45 million (AUD), an increase of nearly 15 per cent from the previous financial year. The average loss per successful BEC transaction also increased by 54 per cent.
Business email compromise is when someone receives an email that appears to be a legitimate business email. It will usually be very cleverly crafted to look like it has come from someone you know, often an executive or senior member within an organisation.
Unlike some of the other malicious emails we see, which ask us to click on a link, these sophisticated, professional, very realistic-looking emails will ask you to do something, like make a payment or provide data. That makes them much harder to detect automatically.
Often there's a sense of urgency. If you receive an email from the CEO of the company, it’s common to automatically jump into response mode, thinking ‘I need to action this and can’t question it – it’s from the CEO’.
But if you receive an email like this, take a minute to pause and ask yourself ‘would the CEO really ask me to do this?’
‘Would they really ask me to make an urgent payment?’ It's about actually calling it out, saying ‘that doesn't look quite right’.