As businesses navigate the complexities of tax season, another challenge lurks in the shadows: business email compromise (BEC) scams. These sophisticated cyber threats target businesses during peak financial periods, exploiting the rush and high email traffic associated with tax time to execute fraudulent activities. Understanding and mitigating the risks of BEC scams is crucial for safeguarding your business.
What is Business Email Compromise?
Business Email Compromise (BEC) is a type of cybercrime where attackers use email to deceive individuals and businesses into making unauthorised financial transfers or sharing sensitive information. These scams often involve the impersonation of executives, vendors, or trusted partners. The attackers typically infiltrate or spoof legitimate email accounts to trick employees into performing actions that can have severe financial repercussions.
Why Do Scams Increase Around Tax Time?
Tax time presents an ideal environment for cybercriminals to strike. The heightened financial activity, increased communications with tax consultants, and urgency to meet deadlines create a fertile ground for successful attacks.
Key reasons why BEC scams spike during this period:
- Increased volume of financial transactions: Businesses are involved in numerous financial transactions and communications, making it easier for fraudulent activities to go unnoticed.
- High pressure and tight deadlines: The stress of tax deadlines can lead to hasty decision-making, reducing the likelihood of thorough verification processes.
- Communication with external parties: Engaging with accountants, tax professionals, and government agencies increases the chance of encountering compromised or spoofed emails.
- Focus on financial data: The emphasis on financial documents and transactions provides attackers with ample opportunities to intercept sensitive information or request payments.
- Increased use of automation: During tax time, businesses often utilise automation for processing transactions and documents. This reliance on automated systems can sometimes bypass manual security checks, making it easier for cybercriminals to exploit vulnerabilities and conduct BEC scams unnoticed.
How to Spot a Business Email Compromise
Recognising the signs of a BEC scam is the first step in protecting yourself, and your business. Here are common indicators to watch for:
- Unusual requests: Be wary of urgent or unexpected requests for payments, transfers, or sensitive information, especially if they deviate from standard procedures.
- Email anomalies: Look for subtle differences in email addresses, such as misspellings or slight variations (e.g., john.doe@company.com vs. john.doe@compnay.com).
- Changes in communication style: Note any unusual changes in the tone, language, or formatting of emails from known contacts.
- Unverified links and attachments: Avoid clicking on links or downloading attachments from unsolicited or suspicious emails without verifying their authenticity.
- Inconsistent contact information: Cross-check contact details provided in the email with those in your official records, or pick up the phone and call to verify.
What to Do If You've Made a Mistake
If you suspect that your business has fallen victim to a BEC scam, the Australian Cyber Security Centre (ACSC) recommends following the below 6 steps:
Step 1: Report the incident
You can report cyber security incidents to the Australian Signals Directorate’s ACSC through ReportCyber.
Your report will go directly to the relevant police jurisdiction. By reporting early, you ensure the best chance of a positive outcome. Your report will also allow authorities to check for similar incidents that have occurred, assist with further investigations, and help others who have been affected.
Step 2: Check your account security
Complete as many of the following steps as possible, or seek support from your Managed IT provider:
- Change your password/passphrase.
- Update your account recovery details.
- Sign out of all other sessions.
- Enable multi-factor authentication (MFA).
- Check account mail settings (including mailbox rules).
- Check third-party application access.
- Check login activity.
- Check your email folders, devices and other accounts for suspicious activity.
Step 3: Notify your contacts and relevant third parties
If you have been hacked or impersonated, you should alert your contacts (such as customers, colleagues and suppliers). This will help them recognise suspicious activity and disregard fraudulent emails such as those that refer to the changing of bank details, requests for large payments or unusual links or attachments.
Step 4: Send a takedown request
Step 5: Contact the email provider
If someone is using a common email provider (such as Gmail) to impersonate you, this is known as display name spoofing.
These spoofed email addresses typically originate from Microsoft’s email services (Outlook, Hotmail, Live, MSN), Gmail, or another third-party email provider like ProtonMail. By using valid vendors, spoofed email addresses can bypass anti-spam or anti-phishing filters as they are not coming from forged email addresses.
Step 6: Protect yourself from future email cyber attacks.
Protective measures can help by:
- preventing your email accounts from being compromised.
- making it harder for a cybercriminal to impersonate you.
- protecting your business from falling victim to email fraud .
You can review an extensive list of recommendations to prevent business email compromise via the Australian Signals Directory here.
How can Diamond IT Support your Business?
If you want to educate your employees on how to identify potential cyber threats such as scams, our staff education programs and policy and procedure reviews can help. Our Business Technology Consultants are specialists in improving your internal cyber security.
We offer:
- Cyber Security Health Check
- Cyber Security Awareness Training
- Cyber and Data Breach Consulting and Forensic Analysis
- Disaster Recovery (DR) Planning
If you need advice on how you can ensure your cyber security strategy is fit for purpose, our team of Cyber Security experts are ready to help. Contact our team on 1300 307 907 today.
