How to Avoid Business Email Compromise | Free Antivirus Software

With business e-mail compromise, hackers target specific business e-mail addresses - often those of your superiors. This way you can spot the attack before damage occurs.

Everyday Emails Are at High Risk of Being Hacked

Even in times of modern instant messaging applications such as Slack or Discord, the good old e-mail still has a central position in communication in a business context - whether as a means of interacting with customers or negotiating contracts with suppliers and managing employees through to internal file sharing. It are precisely this everyday use and the fact that emails are a matter of course that make them one of the most attractive avenues for hacking companies. How successful they are is shown by the latest figures in Verizon's Data Breach Report, according to which e-mails remain the most common attack vector (96%) for social engineering attacks valid. Above all, phishing attacks on companies, the so-called “Business Email Fraud” or “Business Email Compromise” (German: business email fraud), cause immense costs.

Business E-Mail Compromise Can Affect Anyone

Business e-mail fraud can take many forms: from relatively easy-to-recognize mass mailings sent to employees of a company to extremely well-prepared spear-phishing attacks against individual employees. In theory, anyone with a business email address is affected. Particularly perfidious: fraudsters often pose as colleagues, in some cases also as superiors. Then one speaks of the so-called “CEO Fraud” (German: Superiors Fraud).

How Can I Recognize Business Email Compromises?

Even if the forms of business e-mail compromise is quite diverse, you can recognize them based on certain criteria. This enables you to take action yourself and successfully defend your company on the cyber front. It is possible to detect and prevent email fraud even if you are not an expert in the field of cybersecurity. These six factors are common to many counterfeit or fraudulent emails in the business context - they will help you identify dangerous emails and avoid business email compromise and CEO fraud:

1. Urgency: Cyber ​​criminals have a great interest in carrying out frauds quickly in order to prevent any suspicion or even a critical examination by the victim in the first place. To increase the pressure on the victim, they open up big guns, such as an alleged breach of contract, a penalty for an overdue bill, an account suspension, or the shutdown of service.
2. Badly revised communication: Serious companies invest a lot of time and money in the design of emails in order to maintain and improve the reputation of their brand. Generic greetings, grammatical errors, and bad formatting are striking signals of business email compromise or phishing emails.
3. Contacts only by mail: Hackers try to maintain their false identities and avoid personal contact. In the case of unusual or urgent inquiries, an authenticity check by the telephone may be sufficient to unmask them.
4. Strange URLs and domains: Many hackers use external links in phishing emails to redirect potential victims to fake websites or a form where personal and financial information is collected. The wrong links are often difficult but can be recognized by a trained eye. An example is inconsistent links where the display and destination URLs do not match. Other are fake, slightly changed URLs such as “webside.com” instead of “website.com”.
5. No flexible support: Cyber ​​criminals often imitate well-known brands and organizations to exude trust and credibility with their victims. Medium-sized and large companies often offer differentiated customer support and often have employees who have been trained for special issues. Therefore, in the event of uncertainty, it helps to inquire about specialist contact persons and thus check whether an information request is legitimate.
6. Dubious attachments: Another common phishing technique is adding one or more malicious attachments to fraudulent emails. These files can contain viruses or other types of ransomware / malware . Particular attention should be paid to unknown senders and especially to certain file types such as compressed files (e.g. .rar, .zip), files that are used to execute program codes (e.g. .bat, .cmd, .exe & .msi) and Macro-enabled documents (e.g. .docm, .pptm and .xlsm).
7. Use antivirus: This is very essential to use security software to provide protection to your confidential data. Try Protegent360's free antivirus software to give maximum protection.