BEC attacks are one of the fastest growing cyber crimes and have cost some organizations millions of dollars, so it’s important to church security that staff at your church know how these attacks work and how they can be prevented.
What is a BEC attack?
The BEC stands for Business Email Compromise. In this type of cyber attack, a cyber criminal gets a foothold in an organization’s email system (using spoofing, phishing, and so on). The hacker uses that advantage to impersonate personnel from the organization or outside vendors or charities associated with the organization. The hacker can then convince staff from the organization to send sensitive information or wire money to fraudulent bank accounts.
BEC attacks are a growing threat
According to the FBI’s Internet Crime Complaint Center (IC3), Business Email Compromise (BEC) schemes have grown at a jaw-dropping rate of 2,370% since 2015. With more than 40,000 domestic and international incidents, these types of scams have cost more than a staggering $5.3 billion in actual and attempted losses. To help you keep one step ahead of this multi-billion-dollar threat, we put together a quick walkthrough of what a business email compromise is, how it works, and how you can best protect your organization.BEC Attacks: What They Are and How to Protect Yourself
These trends make sense. Online services and transactions have come to rely a great deal on email accounts for security. Think of all the services where you use your email address as a username, have a password reset sent to your email, or use your email to register a device for a service. Thus, email is where cyber criminals are turning their attention to find weaknesses in your security. Once a thief gets control of your email, it opens a world of opportunities for that thief to steal from you.
BleepingComputer.com tells the poignant story of how Saint Ambrose Catholic Parish got ripped off for nearly $2 million through a BEC hacking scheme: “$1.75 Million Stolen by Crooks in Church BEC Attack“. For months, the parish thought they were sending payments to their building contractor but were actually sending them to a crook.
Fortunately, the parish database was saved to a secure, cloud-based church management software and was not compromised. “[The cloud based system] allows for many layers of security/protection of our parish database information.” If you’re not currently using a cloud-based church management system for your church’s security, learn more about our IconCMO Church Management Software.
How can you prevent BEC attacks from damaging your church?
WestStar Bank, in the post on BEC attacks mentioned earlier, lists some ways organizations can protect themselves. While some of their tips apply better to large businesses, some of them could be very useful for churches as well.
The main takeaways I’ve found from this and other sources are
- Be very careful about the emails you open and respond to, and
- Always verify important requests or transactions face-to-face or over the phone when possible.