How to Shield Your Company From BEC Attacks

Business Email Compromise/Email Account Compromise (BEC/EAC) scams can destroy businesses.

2,370% increase in financial losses from BEC/EAC [1]
$5.3 Billion USD in actual and attempted losses from BEC/EAC [2]
131 countries impacted by BEC/EAC scams [3]

Shield your company against BEC/EAC scams by taking these steps:

1. Protect
a. Company domain: Establish a DMARC record.
b. Email accounts: Enable two-factor authentication.
c. Awareness: Know that attackers often send BEC/EAC scam emails when the executives they are trying to impersonate are traveling on business.

2. Authorize
a. Minimize the number of people who process and approve wire transfers.
b. Make a list of these authorized personnel available to employees.

3. Authenticate
a. Require dual authentication and approval of all wire requests.
b. Verify new or different payments (with at least two people).
c. Create a maximum amount that can be withdrawn for wire transfers.

4. Simulate
a. Adopt a comprehensive antiphishing program that includes a phishing simulations program and a reporting tool to empower all your employees.
b. Identify specific, real-world phishing scenarios and add them into your phishing simulation rotation.

Sources
1. FBI, "Business Email Compromise Email Account Compromise: The 5 Billion Dollar Scam," May 4, 2017
2. Ibid.
3. Ibid.


Post on 04-Jul-2020
