Whenever a crisis strikes in today’s digital world, whether it’s a natural or man-made disaster, people turn to the Internet as an essential means to get assistance and information that will help them get their lives back on track and communicate with those affected.
In many cases, that can mean multiple email messages carrying vital information getting sent back and forth between impacted people and the institutions providing assistance. Unfortunately, cybercriminals are aware of this and will use every means available to them to exploit victims of the crisis and others concerned by it. One of the ways they do this is through phishing and spoofing campaigns that are meant to take advantage of people when they’re already at their most vulnerable.
The recent collapses of Silicon Valley Bank (SVB) and Signature Bank are prime examples of opportunities that phishers will try to exploit. Those collapses were partly caused by depositors moving funds from those banks to others. In many cases, the depositors had to open new accounts at their target banks before withdrawing.
Much of the account opening and funds moving was done electronically, with countless confirmation emails flowing back and forth. This environment enables phishers to send emails requesting money or bank information to verify a business’s new account.
And the business email compromise (BEC) attacks are already starting.
Banks are already the most targeted businesses for phishing attacks, and this incident will only make it worse. Over the coming weeks, we expect the number of BECs to rise, putting many consumers and businesses at risk. Keep reading to learn more about how it will affect you and how you can protect yourself and your business.
What are BECs?
Business email compromise (BEC) is a scam that has cost over $43 billion in FBI-reported losses over the last five years. BEC happens when a cybercriminal tries to take advantage of email communication and receive money from someone through targeted phishing.
These BEC attacks might look like:
- CFO compromise
- Executive compromise
- Whaling
- Payroll scams
This tactic preys on someone’s trusted relationships to access money and on people expecting information from a trusted person or business.
“While there are many forms of BEC, at their core, the reason that BEC is so effective is that it hijacks a trusted relationship where money is expected to change hands, to send money to criminals instead of the intended recipient.”
Seth Blank, Chief Technology Officer (CTO) of Valimail.
How does it affect you?
With the collapse of these banks and the anxiety of more fallouts on the horizon, many companies are scrambling to move their money to new banks. This process also involves getting a new account and routing numbers and sharing this new information electronically with vendors, clients, and payroll.
However, phishers can take advantage of this exchange of information and easily impersonate one of the parties to it, gaining access to information they shouldn’t have. With this scrambling, confusion, and sense of urgency, it can be all too easy to send information or money to the wrong person.
As more banks are scrutinized, the risk of falling prey to a phishing scam increases.
Companies need to act as soon as possible because these problems won’t disappear. As more companies rush to open new bank accounts and transfer funds, the opportunities for scammers grow.
How can you protect yourself?
Consumers need to take extra precautions when answering emails or texts. One way to protect yourself is by continuously validating your information through a second channel.
If you get an email requesting sensitive banking information, you need to validate that the correct source is reaching out. For example, you can call the bank to verify.
Businesses are at risk as well. Regardless of what type of business you run, you need to have a strong authentication platform in place for your domain so that no one can send spoofed emails from your domain. That’s where Domain-based Message Authentication, Reporting, and Conformance (DMARC) comes into play.
DMARC is an email authentication protocol. It protects your domain from being used in these BEC attacks, so that spoofers and phishers cannot exploit and destroy the trust your customers place in you. This authentication will be necessary for the challenging times ahead, with the potential for more banks closing.
Here at Valimail, we believe that you need to take care of yourself and your business first and foremost, whether using our services or not. However, we’re here to guide you through this crisis if you want to take that next step toward DMARC enforcement.
The first step towards DMARC enforcement is gaining visibility into your domain. With a free account on Monitor, you can see what legitimate and illegitimate services are sending emails under your domain.
Gaining visibility into your domain is the first step to locking it down and ensuring that no one can take advantage of your brand or customers. Sign up for a free account today!