This post was last updated on March 25th, 2021 at 03:23 pm.
BEC attacks are one of the fastest growing cyber crimes and have cost some organizations millions of dollars. So, it’s important that staff at your church know how these attacks work and how they can be prevented.
What is a BEC attack?
BEC stands for Business Email Compromise. In this type of cyber attack, a cyber criminal gets a foothold in an organization’s email system (using spoofing, phishing, and so on). The hacker uses that advantage to impersonate personnel from the organization or outside vendors or charities associated with the organization. Then the hacker can convince staff to send sensitive information or wire money to fraudulent bank accounts.
BEC attacks are a growing threat
WestStar Bank, in a blog post about BEC attacks, details the alarming growth rate of BEC attacks:
According to the FBI’s Internet Crime Complaint Center (IC3), Business Email Compromise (BEC) schemes have grown at a jaw-dropping rate of 2,370% since 2015. With more than 40,000 domestic and international incidents, these types of scams have cost more than a staggering $5.3 billion in actual and attempted losses. To help you keep one step ahead of this multi-billion-dollar threat, we put together a quick walkthrough of what a business email compromise is, how it works, and how you can best protect your organization.
(Source: BEC Attacks: What They Are and How to Protect Yourself)
These trends make sense. Online services and transactions have come to rely a great deal on email accounts for security. Think of all the services where you use your email address as a username, have a password reset sent to your email, or use your email to register a device for a service. Thus, email is where cyber criminals are turning their attention to find weaknesses in your security. A cyber thief wants to get control of your email. Once the thief has it, it opens a world of opportunities to steal from you.
BleepingComputer.com tells the poignant story of how Saint Ambrose Catholic Parish got ripped off for nearly $2 million through a BEC hacking scheme: “$1.75 Million Stolen by Crooks in Church BEC Attack”. For months, the parish thought they were sending payments to their building contractor but were actually sending them to a crook.
Fortunately, the parish database was saved to secure, cloud-based church management software and was not compromised. “[The cloud based system] allows for many layers of security/protection of our parish database information.” If you’re not currently using a cloud-based church management system for your church’s security, learn more about our IconCMO Church Management Software.
How can you prevent BEC attacks from damaging your church?
WestStar Bank, in the post on BEC attacks mentioned earlier, lists some ways organizations can protect themselves. While some of their tips apply better to large businesses, some of them could be very useful for churches as well.
The main takeaways I’ve found from this and other sources are:
- Be very careful about the emails you open and respond to, and
- Always verify important requests or transactions face-to-face or over the phone when possible.
I got an email from a client who nearly fell for one of these traps. She found out the truth when she called to verify with the person the hacker was impersonating. So there’s a great example of how to defend against this sort of thing.