
How to protect your business from email compromise – and be prepared if your defense fails


Business Email Compromise (BEC) fraud is a growing threat to organizations of all sizes and is becoming more sophisticated and frequent. In these attacks, fraudsters often use social engineering to impersonate company insiders, executives or trusted suppliers and demand urgent payments, which can devastate organizations financially.

It can be easy to fall victim to a BEC attack, especially for companies with limited resources and smaller payment processing teams. Many rely on multiple people to manage tasks, and those people can feel enormous pressure to respond quickly to seemingly urgent requests, especially if the request comes from someone high up in the organization. This can lead to costly mistakes.

BEC Fraud Prevention

Implementing the right technology is critical to preventing BEC fraud. Solutions such as fraud detection tools, supplier portals and payroll management systems can help protect against unauthorized payments.

Many companies now require employees to update payment information through secure portals rather than relying on email notifications, which makes them less likely to fall victim to an attack.

While AI can play a role in fraud detection, BEC fraudsters are increasingly using AI to create more convincing emails that make the fraud harder to detect. This further highlights the importance of layered safeguards such as dual-approval payment processes and consistent training and education of employees on how to identify potential threats.

Keys to recovering from a BEC attack

For organizations or individuals who may have inadvertently sent money to fraudsters, time is of the essence. If you suspect fraud, notify your banking partner immediately. Quick action can stop unauthorized transactions before funds are transferred. We tell our customers: don’t be shy. The sooner we know, the sooner we can act.

In cases where the victim is unable to recover the funds, it is important to have insurance policies to reduce financial losses. Many businesses overlook the importance of cyber security and fraud insurance, but as BEC fraud is on the rise, having this protection in place is key to reducing fraud losses.

Preventing BEC requires a combination of technology, training and internal processes. Here are four simple and immediate best practices to implement:

  1. Test and train employees: Regularly test employees with simulated phishing emails to ensure they can recognize fraudulent activity. Those who fail must undergo additional training.
  2. Provide continuous education: Provide ongoing training to keep employees aware of the latest BEC tactics, such as supply chain attacks and bypassing multi-factor authentication (MFA). Also, ensure that employees understand the internal controls in place to protect against potential vulnerabilities in processes related to sensitive data and the movement of money.
  3. Implement dual control: Require dual approval for payments and for changes to vendor information, so that no single employee can authorize a payment without verification.
  4. Avoid email for financial inquiries: Use secure portals to update payment information rather than relying on email, which is prone to phishing attacks.

The role of the bank partner in preventing BEC

A strong relationship with your bank can serve as an important line of defense to prevent and mitigate BEC attacks. Most banks offer fraud prevention solutions, such as Positive Pay, which verifies checks and ACH payments before they are processed. Banking partners can also provide educational information and real-time updates on emerging fraud trends to help businesses stay ahead of potential threats.

Prevention depends on cooperation between businesses and their banking partners. Banks can help track suspicious activity, verify requests to change supplier or employee payment information, and cooperate with law enforcement in the event of fraud.

By applying best practices, maintaining a sound risk management strategy and working closely with your banking partner, you can protect your organization from becoming a victim of BEC fraud and ensure the security of your financial transactions.

For more information on how Synovus can help your organization reduce BEC fraud, complete a short form and a Synovus consultant will contact you.