Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    BEC Scams are a Growing Threat to Retailers

    CEO_Fraud_small

    Cybercriminals are improving their social engineering skills to target online retailers with sophisticated business email compromise (BEC) scams, according to Rafael Lourenco at Business.com.

    Lourenco says that these attacks are “the grown-up, more professional, harder-to-spot versions of yesteryear's amateurish phishing scams, and they are on the rise because they work.” BEC scams come in a number of different forms, including executive impersonation, invoice fraud, and payroll scams.

    Executive impersonation—aka CEO Fraud—is when an attacker gathers information about a high-ranking employee, sometimes after hacking their email account, and then poses as this executive to send an urgent request for a money transfer to another employee at the company.

    Invoice fraud involves the impersonation of an organization’s third-party vendors to request payment for services rendered. Google and Facebook recently lost a combined total of $100 million to this type of scam. Lourenco adds that “while it's tempting to think that small merchants won't attract invoice fraudsters, cybercriminals are always looking for vulnerable targets to exploit, regardless of size.”

    In payroll scams, criminals send emails to an organization’s HR department under the guise of an employee, and request that their paychecks be sent to their new bank account. The IRS says that these scams are typically only discovered when an employee realizes they’ve missed a paycheck.

    “What all these schemes have in common is deception – impersonating someone the recipient trusts,” Lourenco writes. “Another common factor is that these scam emails don't contain malicious links or attachments, so they often make it past spam filters.”

    Lourenco says that organizations need to train their employees how to spot suspicious emails and requests, and then report or verify them before taking action. New-school security awareness training can teach your employees to treat every email with caution. Business.com has the story:

    https://www.business.com/articles/merchants-must-protects-themselves-from-cybercrime/

    CEO-Fraud-Pages.jpg

    CEO Fraud Prevention Manual Download

    CEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Click Here To Download The Manual

    PS: Don't like to click on redirected buttons? Copy and paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

     

    Return To KnowBe4 Security Blog

    Topics: CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews