How ignoring an email from your boss might save you from cyber crime

09 December 2021 - 07:00
subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now
Business email compromise (BEC) or CEO fraud is a form of scam where criminals gain access to an email address of a senior staff member and mail a relevant person within the organisation instructions to share information or help in making a payment.
Business email compromise (BEC) or CEO fraud is a form of scam where criminals gain access to an email address of a senior staff member and mail a relevant person within the organisation instructions to share information or help in making a payment.
Image: 123RF/welcomia

Cyber criminals are targeting staff by hacking into senior employee's emails and requesting personal data from unassuming employees, according to a computer security company. 

This practice, known as business email compromise (BEC) or "CEO fraud", allows cyber criminals to gain access to – or to convincingly replicate – the email address of a senior staff member and then send a mail to a relevant person within the organisation, instructing them to share information or help in making a payment. 

In many cases, the instruction may appear to come from the victim’s boss, and may even be written in a similar style that is used by the boss.

Anna Collard, senior vice-president of content strategy for KnowBe4 Africa, a security awareness organisation, said as much as a third of all security incidents are BEC phishing attacks.

"Because they do not request the recipient to click on a link or open an attachment, they seem quite innocuous at first and do not trigger any security scanners or warning signs. However, they cause the largest monetary loss related to cyber crime," said Collard.

According to security vendor GreatHorn’s 2021 BEC Report, 71% of BEC attacks use a spoofed email account or website to establish credibility.

Sixty-nine percent of BEC attacks utilise spear phishing, increasing their chances of reaching the right people within an organisation who have influence over money.

The report cited finance as being the number one target (57% of the time), with CEOs next (22%) and IT third (20%).

Collard said people should reduce the risk of falling prey to cyber criminals by ensuring they have strong and unique passwords on all their email accounts.

"Add another layer such as two-step or multi-factor authentication to your password. Verify any payment requests or change of banking details with the recipient, for example via WhatsApp or a phone call."

TimesLIVE


subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now

Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.