In Short
- Business email compromise (BEC) scams pose a major threat, costing businesses billions of dollars annually.
- Scammers impersonate colleagues or executives, urging urgent financial actions.
- Experts emphasize the importance of emotional awareness in identifying scams.
- Key tips include verifying email senders and using known contact information.
- Promoting open communication and following proper procedures can prevent fraud.
TFD – Business email compromise (BEC) scams are a serious threat, costing companies billions of dollars a year. Scammers pose as colleagues or executives and press for urgent financial action. This article explains how these schemes work, how to spot a fraudulent email, and why emotional awareness is part of good security hygiene.
Don’t close this tab! I know there are few combinations of words less interesting than business, email, and compromise. I may as well have written an article about fiber, socks, and responsibility. But this isn’t a boring article; it’s an article about email con artists who, according to the FBI, are pulling in $26 billion a year by scamming people.
So yes, business email compromise (BEC) scams are serious. The con artists behind them send you unsolicited emails while posing as someone you work with, in order to extract money or information. You might get an email purporting to be from your CEO asking you to take immediate action, such as buying gift cards, or one purporting to be from a coworker asking you to update their direct deposit details. The scam takes many forms, but the objective is always the same: to steal money from you or from the company you work for.
Anyone who works a desk job would do well to spend a few minutes learning how to recognize these emails. The two specialists I spoke with offered some very useful advice.
When I asked two cybersecurity specialists about BEC fraud, I expected technical guidance. Both started with emotions instead. That makes sense: at its core, this kind of fraud is psychological manipulation, so being aware of your emotional state is the first requirement for recognizing a BEC email.
Security researcher Ronnie Tokazowski has spent more than ten years working to inform people about email scams. “If an email elicits an emotional response, take a step back and reread it when you’re more calm,” he advises. Tokazowski stresses how much these scams depend on manufacturing a false sense of urgency: the anxiety it creates is what stops you from questioning the premise. “People who get pulled into these types of scams … their emotions get very dysregulated,” he says. That leaves you less able to think critically, which is exactly what the scam relies on.
Threat researcher Selena Larson of Proofpoint, a cybersecurity company, took it a step further. “I don’t know if you can print this, but honestly: Just breathe,” she says. “Go slowly and inhale deeply. You can actually think more logically and clearly after doing it. Take a step back from your phone and computer and exercise critical thought. Would this be an email that someone would send me? Is this a logical thing that I’m being asked to do?”
Be especially wary if the sender asks you to keep the request confidential.
“Scammers do things like isolate you from your peers,” Larson states. “They approach you with authority and ask that you keep this private and discuss it just between the two of you. People who experience this kind of social engineering feel pressured to act quickly and that sharing their thoughts with others is not permitted.”
So the first step is learning to manage your emotions. Yes, that can be hard if you work in a demanding field, but it is your best line of defense, and your employer will appreciate it (or ought to, anyway).
Once you have questioned the urgency of the request, confirm that the email really comes from the person it claims to be from. The best way is to ask, but do it carefully.
“If you received an email like this, it’s important to pick up the phone and call the number you know to be legitimate,” Larson states, with a caveat. “Do not rely on a phone number in the email itself—it will be owned by the threat actor.”
Assume that any contact information in the email is controlled by the attacker, sometimes in subtle ways. Use the number you already have saved for the person in question, or look it up in an official company directory or on the official website. That holds even when the number in the email looks right: some scammers go to the trouble of obtaining a phone number that closely resembles the real one, hoping you will dial it instead of the genuine number.
“I’ve seen phone numbers off two digits from the actual phone number,” states Tokazowski.
Confirm the request by calling the person who supposedly emailed you at a number you are certain is real. If they are in the office, ask them in person. A chat platform such as Slack or Microsoft Teams is another option, with one caveat: it helps only because it is a separate channel, so if the impersonated person's account itself has been compromised, a chat message from them proves nothing. The goal is to verify any urgent request outside the original email. And don't worry about wasting their time, even if they are your supervisor or another senior person.
“The person that is being impersonated would so much rather have someone take the time to confirm than to lose thousands or a million dollars in a malicious transaction,” Larson states.
Sometimes it is impossible to reach the purported sender. In that case, there are a few checks you can run on the email itself. First, confirm that the address actually belongs to the company domain.
“Always check the domains that you’re receiving emails from,” Larson advises. Sometimes this is obvious; your CEO probably isn't emailing you from a Gmail account. Sometimes it is more subtle: scammers have been known to register domain names that resemble the target company's in order to look trustworthy.
It is also worth checking that the email signature and the email address match. “To make it appear authentic, they will use the company’s actual domain in the footer, but that won’t match the email address,” Larson says. Be aware that the difference may be tiny. “Look-alike domains are very common: To make it look legitimate, someone will do a slight variation, like a ‘l’ instead of an ‘i.’” If you are skeptical, copy the domain portion of the address into a browser. If there is no website behind it, you are most likely dealing with a fake; the reverse does not hold, since an attacker who bothered to register a look-alike domain may well have put a page on it.
Email spoofing is another tactic scammers use. One way to catch it: click reply and examine the address that appears in the “To” field of the draft. If it differs from the address the message appeared to come from, the sender set a Reply-To header that redirects your answer, and you are probably dealing with a fraudulent request. A forged From address with no Reply-To will pass this check, so when in doubt, view the full message headers and look at the Authentication-Results line for the SPF, DKIM and DMARC results.
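The domain checks and the Reply-To check above can be scripted so they run over a message before anyone acts on it. What follows is an added example, not code from the article or from either researcher. It assumes a hypothetical company domain, example-corp.com, a short list of free-mail providers, and a small table of look-alike character substitutions; it runs on two constructed sample messages embedded in the block, one suspicious and one benign.

```python
"""Header and footer checks for a suspected BEC email (added example).

Assumptions: the organisation's domain is example-corp.com, the free-mail list
and the confusable-character table below are illustrative, and the two sample
messages are constructed for this example.
"""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"  # assumption: the organisation's own domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com", "protonmail.com"}

# Character sequences that read alike in many fonts, mapped to one canonical form.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("0", "o"), ("5", "s")]


def domain_of(header_value):
    """Return the lowercase domain of the first address in a header, or ''."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def skeleton(domain):
    """Collapse confusable characters so 'examp1e' and 'example' compare equal."""
    s = domain.lower()
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def edit_distance(a, b):
    """Levenshtein distance; a small distance between distinct domains is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, target=COMPANY_DOMAIN):
    """True when domain imitates target but is not target itself."""
    if not domain or domain == target:
        return False
    return skeleton(domain) == skeleton(target) or edit_distance(domain, target) <= 2


def footer_domains(body):
    """Domains mentioned in the body text (signature URLs and addresses)."""
    pattern = r"(?:@|https?://)(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})"
    return {m.lower() for m in re.findall(pattern, body, re.I)}


def analyze(raw_message):
    """Return a list of (code, detail) findings for a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])

    if from_dom in FREEMAIL:
        findings.append(("FREEMAIL_FROM", from_dom))
    if is_lookalike(from_dom):
        findings.append(("LOOKALIKE_FROM", from_dom))
    if reply_dom and reply_dom != from_dom:
        # This is what the "To" box shows after pressing reply.
        findings.append(("REPLYTO_MISMATCH", f"{from_dom} -> {reply_dom}"))
    if reply_dom in FREEMAIL:
        findings.append(("FREEMAIL_REPLYTO", reply_dom))

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Real company domain in the signature but not in the sender address.
    if COMPANY_DOMAIN in footer_domains(text) and from_dom != COMPANY_DOMAIN:
        findings.append(("SIGNATURE_MISMATCH", f"footer {COMPANY_DOMAIN} vs From {from_dom}"))
    return findings


# Constructed sample: look-alike sender domain, Reply-To on free mail, real domain in the footer.
SUSPICIOUS = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: Jane Doe <jane.doe.ceo@gmail.com>
To: pat@example-corp.com
Subject: Urgent - need this handled today
Content-Type: text/plain; charset="utf-8"

Pat, I'm in back-to-back meetings. Please buy 10 gift cards and send me the codes.
Keep this between us for now.

Jane Doe, CEO
jane.doe@example-corp.com | https://www.example-corp.com
"""

# Constructed sample: a routine message from the genuine domain with no Reply-To.
LEGIT = """\
From: Jane Doe <jane.doe@example-corp.com>
To: pat@example-corp.com
Subject: Expense report
Content-Type: text/plain; charset="utf-8"

Pat, the Q3 expense report is due Friday via the procurement portal.

Jane Doe, CEO
jane.doe@example-corp.com | https://www.example-corp.com
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(name, analyze(raw))
```

The look-alike test combines two signals on purpose: the confusable table catches substitutions that edit distance also sees, but edit distance alone would miss nothing here while flagging any domain within two characters of yours, so tune the threshold to your own domain length before relying on it.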
This may sound tedious, but old-fashioned bureaucracy may be the strongest defense against BEC schemes. A company is less likely to fall victim if it has fixed procedures for the tasks scammers target most often, such as changing banking or payroll details or making large purchases.
According to Tokazowski, “the majority of the time, that request of purchasing something would need to go through human resources, procurement.” Be wary if you receive an email asking you to skip the standard procedure. There must be a paper trail. A request like “Purchase this from your personal account” simply would not come through legitimate channels.
In a healthy organization, email should not be the workflow for critical financial processes at all. Changing direct deposit details over email, for example, is bad practice; that belongs in the HR or payroll system, behind its own login.
Finally, one piece of advice for organizational leaders: don't behave in ways that make you look like a scammer. If you routinely email staff with urgent requests and tell them to bypass the formal procedures, you make it more likely that your business will fall for exactly these scams. A transparent corporate culture, by contrast, makes the organization stronger and more resilient.
Working to promote an environment of open communication is a crucial first step, according to Tokazowski. Many organizations are structured so that there is little or no contact between levels. Tokazowski suggests “skip-level meetings” for such organizations: a senior manager meets with a middle manager's direct reports without the middle manager present, skipping a level of the hierarchy to strengthen the lines of communication between all levels.
Leaders should also remember how important it is to talk openly about any scams the company does fall victim to.
“People’s terrible feelings of shame, irrespective of the kind of scam, contribute to the perpetuation of these schemes,” claims Larson. “Open communication about it teaches the individual, peers, and coworkers how to understand how to protect themselves.”
Conclusion
Protecting against business email compromise is essential for any organization. By understanding the emotional manipulation scammers rely on and following the experts' advice on verification and communication, you can spare your company significant financial losses. Open communication and strict adherence to procedures are your best defenses. Stay vigilant, stay informed, and help create a safer digital workplace.