Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity NewsEnterprise Services

Bringing BEC home: How to protect against BEC attacks while remote

By Amy Cadagin
cyber
September 3, 2020

In 2019, Business Email Compromise (BEC) attacks – a long-standing cybersecurity threat – accounted for $1.7 billion in losses, with cybercriminals using new tactics and techniques to carry out existing attacks. As cybercrime spikes in the wake of COVID-19, BEC’s toll is expected to rise this year. The Federal Bureau of Investigation (FBI) recently issued a warning to businesses on the growing threat of BEC attacks using the pandemic as a backdrop for unusual requests like payments to a “new” vendor or a change of account information.

BEC encompasses a range of cyberattacks, including tax scams, email, website spoofing, and most commonly, spear phishing. Spear phishing attacks are highly-researched ploys targeting specific individuals within an organization, often using specific details such as names and titles to spoof legitimate senders and coerce their target into initiating a seemingly legitimate transaction. By posing as legitimate senders with a specific request, these attacks can be extremely effective in initiating wire transfers or gaining unauthorized access to sensitive data.

 

COVID-19 has emboldened cybercriminals and left businesses vulnerable

With most workforces remote for the foreseeable future, businesses have become more vulnerable to spear phishing. As verification and security protocols continue to be disrupted due to limited in-person interaction, businesses are scrambling to adapt to develop remote processes to verify transactions. As a result, conversations and requests that typically happen face-to-face are now being conducted over email, messaging applications, and over the phone – making it easier for cybercriminals to pose as legitimate senders. These attacks have especially focused on invoice and payment fraud, with a recent report finding that these forms of fraud comprised 17% of all BEC attacks in May.

So what can be done?

 

Employees are the strongest line of defense

With BEC attacks on the rise, employees must familiarize themselves with key indicators to identify and thwart attacks before it’s too late. While cybercriminals continuously evolve their tactics and techniques, there are some foundational precautions that employees can take to spot and prevent attacks:

  • Always be skeptical no matter how routine a request or familiar a sender always thoroughly vet any requests to ensure legitimacy.
  • Trust your instincts and don’t allow yourself to be rushed – if a request doesn’t feel right, it probably isn't.
  • Double-check all account details for accuracy.
  • Follow your organizations’ procedures; they were established for good reason.
  • If you are victimized in spite of all efforts, immediately report the incident to your local FBI and Secret Service offices and ask them to help revert the fraudulent transaction.

 

Organizations must lead the charge

As we continue to adjust to a prolonged remote-work reality, businesses must develop comprehensive protocols and procedures, and implement email authentication best practices to protect their organizations and employees from spear phishing attacks. So long as standard security protocols are disrupted, employees will need guidance on verifying the credibility of financial transactions and requests. Some steps to take to protect your employees from falling victim to attacks include:

  • Implement SPF / DKIM / DMARC to inhibit spoofable message traffic from unauthorized sources.
  • Require multiple independent signatures for high value transactions.
  • Only work with established vendor accounts to streamline transaction verification.
  • Provide employee training on identifying and preventing BEC attacks – especially using simulations to help give employees tangible experience identifying illegitimate requests and encouraging continuous skepticism.
  • Establish robust payment processes to help employees differentiate legitimate and illegitimate requests; such as mandating multiple verifications for individual transactions.
  • Strengthen password reset protocols and account authentication (MFA) to prevent unauthorized password resets and account logins.

 

Cybercriminals will relentlessly continue to target businesses throughout the pandemic and take advantage of vulnerabilities resulting from the shift to remote work. As some businesses consider a permanent shift to remote work, the need to address the threat of socially engineered attacks, like spear phishing, becomes even more pressing. Through email authentication best practices, robust verification protocols, and comprehensive employee training, businesses can limit vulnerabilities and arm their remote workforces with the skills needed to identify and prevent these attacks amidst COVID-19 and beyond.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.

KEYWORDS: business email compromise (BEC) COVID-19 cyber security remote work risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Amy cadagin headshot

Amy Cadagin is Executive Director of the Messaging, Malware and Mobile Anti-Abuse Working Group, a non-profit cybersecurity consortium focused on combating online abuse, including malware, spam, viruses, among other forms of exploitation. Since 2006, she’s played an integral role in facilitating collaboration between the largest names in technology around the industry’s most pressing challenges, developing cybersecurity best practices, and driving the growth and success of M3AAWG.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber Liability Insurance: Moving from Insurance to Assurance; cyber security news

    How to protect businesses against the threat of ransomware attacks and the role of cyber insurance

    See More
  • ddos-distributed-denial-service freepik

    How to protect against DDoS attacks in a distributed workforce model

    See More
  • Typing on laptop

    In the last year, 70% of organizations were targeted with BEC attacks

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing