As organisations around the world spend even more on cybersecurity tools, cybercriminals are increasingly using a simple, yet effective ways to access organisations’ data or money through business email compromise (BEC) or CEO fraud.
International security awareness organisation, KnowBe4, explains that BEC is a type of scam in which cybercriminals gain access to – or convincingly replicate – the email address of a senior staff member. They then mail a relevant person within the organisation, instructing them to share information, or assist in making a payment. Because they do not request the recipient to click on a link or open up an attachment, they seem quite innocuous at first and do not trigger any security scanners or warning signs. However, they cause the largest monetary loss related to cybercrime.
BEC wire transfer fraud sees criminals taking advantage of an expected financial transaction such as a supplier payment, and asking the recipient to adjust the bank account information on an outgoing wire transfer. In many cases, the instruction may appear to come from the victim’s boss, and may even be written in a similar style that is used by the boss. Another common type of BEC is gift card scams, in which attackers pretend to be a colleague of the victim and ask them to purchase a digital gift card.
Anna Collard, SVP of Content Strategy&Evangelist for KnowBe4 Africa, says, “35% of all security incidents are business email compromise phishing attacks. According to security vendor GreatHorn’s 2021 Business Email Compromise Report (https://apo-opa.info/47byw0a), 71% of BEC attacks use a spoofed email account or website to establish credibility. Sixty-nine percent of BEC attacks utilise spear phishing, increasing their chances of reaching the right people within an organisation who have influence over money. According to the report, the finance industry is targeted 57% of the time, with CEOs next (22%) and IT third (20%).
“Reducing the risk of such attacks starts with security awareness training. People are sometimes not aware of the value of their email accounts. Beware of falling for phishing emails and ensure that you use strong and unique passwords on all your email accounts. Add another layer such as two-step or multi-factor authentication to your password. Verify any payment requests or change of banking details with the recipient out of band, for example via WhatsApp or a phone call,” Collard says.
KnowBe4’s free Phishing Security Test enables organisations to find out whether their staff would fall for convincing phishing attacks. Sign up for the test here: https://apo-opa.info/3FW1fuJ
Distributed by APO Group on behalf of KnowBe4.
Latest Stories
-
Anlo Dukor celebrates grand durbar of Anlo Hogbetsotso Za
6 mins -
Election 2024: Akufo-Addo pledges to respect Ghanaian will
22 mins -
EPL: Antoine Semenyo stars as Bournemouth defeat Manchester City
1 hour -
Watch CCTV footage of dramatic Adabraka daylight robbery
1 hour -
EPL: Liverpool come fron behind to beat Brighton
2 hours -
EPL: Jordan Ayew late goal salvages draw for Leicester against Ipswich
2 hours -
ESCO VOLTA holds meeting to strengthen cross-border cooperation in security, development
2 hours -
Kufuor Scholar champions Agricultural Innovation through Fidelity GreenTech Challenge
2 hours -
EPL: Isak scores at home again as Newcastle beat Arsenal
2 hours -
I’m proud that despite all the challenges, we have maintained Free SHS – Akufo Addo
5 hours -
Alan’s running mate, KOD says GRASP will revolutionize care for the Elderly in rural areas
5 hours -
Election 2024: Alan paints Accra yellow as the crowd marches through the capital with him
6 hours -
Vacant seats: Speaker has not done what would have led to greater peace – Kofi Bentil
6 hours -
Police on manhunt for Adabraka daylight robbers
6 hours -
Lordina Mahama presents medical supplies and equipment to Tishigu Health Center
6 hours