Risk & Business Magazine General Insurance Service - Page 6

PHISHING

Phishing Lures : Are You Covered For Business Email Compromise ?

BY BILL PECK

Look around your office and try to spot the person who is going to ruin your company .

That person is there , hiding in plain sight , chatting happily with an elderly customer , or grinding out that last month-end report , or negotiating with a vendor for a new supply of widgets to use in next month ’ s production . Haven ’ t figured it out yet ?
In truth , any one of these folks could wound , if not destroy , your business should they fall victim to a phishing attack , or more precisely a Business Email Compromise ( BEC ) scam . Most people have at least a basic understanding of what “ phishing ” is , and for clarity ’ s sake , we ’ ll dive into that in a little more detail . But along with that basic knowledge , the popular perception is that
on the spectrum of cybercrime , phishing is something that your Aunt Betty falls for and therefore is less concerning in a business setting . As we will soon see , this is far from the case .
Phishing utilizes social engineering in that the scammer typically represents himself / herself as a trustworthy individual in an electronic communication , usually an email . Their goal is to obtain personal private information ( PPI ) or login credentials , for example , or to induce the victim to download a destructive piece of software . “ Spam phishing ” attacks do this on a massive scale in the hopes of netting a handful of victims . “ Spear phishing ,” by contrast , targets predetermined victims . And drilling down even further , “ whaling ” targets high-value victims like corporate executives , celebrities , or professional athletes .
While voice phishing (“ vishing ”) or SMS / text phishing (“ smishing ”) schemes are growing in popularity , email phishing remains the most prevalent . According to the FBI ’ s 2020 Internet Crime Report , phishing was the number one form of internet crime with more than 240,000 reported victims . In dollars , these attacks accounted for more than $ 54 million in losses .
WHAT IS BUSINESS EMAIL COMPROMISE ( BEC )?
Business Email Compromise ( BEC ) is a phishing attack targeting businesses . Specifically , it is a scam whereby the attacker either impersonates or takes over an executive ’ s email account in order to manipulate company employees , vendors , or clients . Often the goal of the scam is to dupe the target into unwittingly providing
6