Business Email Compromise

Business Email Compromise (BEC) is the most significant cybercrime impacting businesses and organisations in the NT and commonly involves invoice fraud.

BEC is an online scam where a cybercriminal impersonates a business representative to attempt to deceive employees, customers or vendors into transferring money or sensitive information to cyber criminals. BEC can incorporate malware to permit remote access to compromise business email systems.

Prevention against BEC requires:

• sound internal business payment controls
• awareness among your staff on how to recognise cyber threats and
• good IT controls to protect your email system from compromise.

Read about NT Police advice on examples of BEC affecting local companies and organisations.

• prevent email compromise and invoice fraud
• recover from email compromise and invoice fraud
• how does email compromise occur
• tips to ask your IT provider

Prevent email comprise and invoice fraud

See the Australian Cyber Security Centre's (ACSC) guide on business email compromise.

See the Small Business Cyber Security Guide and Step-by-Step guides to help you apply basic cyber security controls to protect your business.

See more information at Protect Your Business.

Apply multi factor authentication

Apply multi factor authentication to your business email account.

A security measure that requires two or more proofs of identity to grant access, read the ACSC's step-by-step guides (Gmail, Yahoo, LinkedIn and Microsoft accounts).

Validation process for payment and account details

Establish a business process to validate payment and change of bank account detail requests.

If you receive an email request to change a bank detail for a supplier be untrusting of the email:

• phone the company contact to check
• using contact details published on the internet and not the contact details in the email.

Software patching

As patches often address security flaws, you should ensure you patch your software and operating systems.

You can turn on automatic patching.

Read the ACSC's:

• Automatic Updates for iMac, MacBook, iPhone & iPad
• Automatic Updates (for Microsoft Windows 10).

Automatic backups

Apply automatic back-ups.

Ensure you have a a process in place to back-up of your data if things go wrong.

Email phishing

Educate your staff about email phishing:

• read more about email phishing on the cyber.gov.au website
• view the training videos
• be alert to suspicious emails and fake web addresses (web domains).

Strong passwords or passphrases

Use strong passwords or passphrases and keep them unique.

Read more about strong passwords or passphrases on the cyber.gov.au website.

Remember

If something doesn't feel right, it probably isn't. Encourage your staff to trust their instincts and check anything suspicious via a phone call or face-to-face.

How to recover from email compromise and invoice fraud

If you've sent money or personal banking details to a scammer contact your bank immediately.

See the recovery tips at cyber.gov.au.

Report cybercrime to cyber.gov.au/report.

How does email compromise and invoice fraud happen?

Business email compromise invoice fraud frequently involves a compromised email account.

The comprise usually begins with email phishing.

Emails can impersonate legitimate organisations, but contain malicious links or download files to infect your computer with malware (malicious software).

Once malware has downloaded onto your machine a cybercriminal can access your IT network using remote access software.

In order to gain your username and passwords, the cybercriminal may send email phishing attacks to:

• your staff that impersonate logon screens for your email account
• online banking or
• business systems.

Once in your email account a cybercriminal will monitor your email traffic to identify and target your customers. This can include:

• forwarding all your email traffic to the cybercriminal and active monitoring of email subjects such as ‘invoices’ and
• set-up forwarding rules to hide confirmation emails from recipients of fraudulent emails issued from the compromised email account.

You can check your email for these signs of compromise by viewing the email settings (for forwarding rules and active monitoring) and outlook rules and alerts.

The cybercriminal may send emails:

• to customers:
  • with requests to change bank details for invoice payments or
  • send fraudulent invoices that contain the criminal’s bank account details
• that impersonate management to staff to request urgent payments of fraudulent 'supplier' invoices.

Fraudulent requests to change bank account details can also be made by phone call.

Establishing a process to validate these requests can prevent this fraud occurring.

Read the ACSC's advice on other forms of business email compromise and how they occur.

Ask your IT provider about your cyber security controls

The following guides provided by the ACSC detail cyber security controls for small businesses.

The ACSC, part of the Australian Signals Directorate, is the Australian Government's lead agency focused on improving cyber security for:

• government
• critical infrastructure
• business and
• the community.

The following ACSC guides address simple measures that can significantly avoid, or reduce the impact of, the most common cyber security incidents:

• Preventing business email compromise
• Small business cyber security guide
• Step-by-step guides on how to apply common security controls.

The ACSC also recommend small businesses implement at least the four mitigation strategies with "essential" effectiveness to prevent malware delivery and execution. These described in the ACSC's Strategies to Mitigate Cyber Security Incidents, particularly on computers used by your finance, human resources and senior executive teams.

Go to the ACSC's website for an explanation on the Essential Eight.

Other guides

• Cloud Computing Security Considerations | Cyber.gov.au
• Malicious Email Mitigation Strategies | Cyber.gov.au
• How to Combat Fake Emails | Cyber.gov.au