X Sound CU App on Google Play Store Sound CU App on App Store VIEW VIEW

Protecting Your Business: Safeguarding Your Business From Email Phishing

Business & CommercialLife & Finances

A woman working on a laptop.
Business Email Compromise (BEC) isn't new, but there are ways to protect your business and yourself from these phishing attacks.

Protecting Your Business: Safeguarding Your Business From Email Phishing

There are a number of risks you’ll face in business and one of the most common ones are cyber security attacks called phishing. We’ve recently seen an increase in phishing attacks known as Business Email Compromise (BEC) – an information-seeking scam in which an attacker targets a business to defraud the company.

BEC attacks happen when a vendor you commonly work with clicks on a phishing email and gives up the username and password to their email account. The attacker then logs into the vendor’s email, goes into their address book, and sends the same type of phishing email to everyone in the victim’s address book, hoping to gain access to your account in the same way to continue spreading the fraudulent email.

While Business Email Compromise isn’t new, both the FBI and FTC have reported an uptick in this activity in the last two years which is impacting both business and consumer accounts. BEC has been reported by the Law Enforcement to be the 2nd most damaging type of crime for 2023 with a reported $2.9 Billion in losses. Between October 2013 and December 2022, $50 billion has been reported to the FBI.

Fortunately, phishing filters can stop a lot of those incoming messages before they reach anyone’s inbox, but the bad guys are always changing up their tactics. Be extra vigilant when checking your emails for unusual or unsolicited emails from trusted vendors. They will often take the form of “You have an encrypted message from…” or “You have a Microsoft OneNote document shared by…”

In addition to being on alert for your business, be aware that this expands beyond that and impacts our community. Below are some helpful tips to safeguard yourself from BEC attacks.


Ways to Protect Yourself

  • Utilize secondary channels or two-factor authentication (MFA/2FA) to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or personal identifiable information (PII) of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
  • Review filters in your email to ensure any alerts or notifications from your financial institution are not being directed outside of your inbox without your consent.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.