Privacy Please

S5, E226 - Building a Secure Culture Against BEC Scams

Cameron Ivey


Discover how business email compromise (BEC) scammers impersonate bosses and coworkers, manipulating emotions to trick victims into transferring money or revealing sensitive information. Learn how to spot the red flags: from urgent requests that cloud judgment, to lookalike email domains designed to deceive. We'll guide you through practical steps to safeguard your organization, emphasizing the importance of communication and of verifying requests through trusted channels.

Join me, Cameron Ivey, as I break down these sophisticated scams and explore why adherence to company protocols is crucial in defending against them. 


Speaker 1:

All righty, then. Ladies and gentlemen, welcome back to another episode of Privacy Please. I'm your host, Cameron Ivey, and this is the show where we break down complicated tech stuff into bits everyone can understand. Today, we're going to be exploring the insidious world of business email compromise, also known as BEC scams, a $26 billion criminal enterprise, according to the FBI. Let's dig in.

Speaker 1:

Business email compromise scams involve con artists impersonating your boss or coworkers to trick you into transferring money or divulging sensitive information. Here's how to spot them and stop them. Number one: question urgency. Scammers rely on creating a false sense of urgency to cloud your judgment. Ronnie Tokazowski, a seasoned security researcher, emphasizes: "If an email elicits an emotional response, take a step back and reread it when you're more calm." Sleep on it. Take a second. Don't respond right away. This emotional manipulation is key to their success.

Speaker 1:

Selena Larson from Proofpoint advises: "Slow down, take a deep breath and walk away from your computer or phone and think critically." Number two: confirm through a second channel. Always verify suspicious requests through a different communication method. Larson warns: "Do not rely on a phone number in the email itself. It will be owned by the threat actor." Use known contact details or secure channels like Slack or Microsoft Teams. Even if the request seems urgent, it's crucial to confirm its authenticity. Number three: check the email address. Examine the sender's email address closely.

Speaker 1:

Scammers often use lookalike domains to appear legitimate. Larson notes that lookalike domains are very common: "Someone will do a slight variation, like a capital I instead of a lowercase l, to make it look legitimate." If you're suspicious, paste the domain into a browser to verify its authenticity. Just take that extra step. The next one is: follow proper protocols. Stick to established company procedures for financial transactions and information updates. Another source points out that there needs to be a paper trail: "Someone saying 'purchase this from your personal account' is a process that just wouldn't happen." So if it seems weird or uncommon, or you feel those spidey tingles (oh yeah, we got them), go with your instinct on that.

Speaker 1:

The next one is: foster open communication. This is key. Leaders should cultivate a culture of transparency anywhere, right? One of the sources suggests skip-level meetings to enhance communication across all levels of the organization. Larson adds that talking about scams openly helps the person, their peers and their colleagues learn how to protect themselves. Build that confidence within your team. By staying vigilant and having open communication, you can protect yourself and your organization from these sophisticated scams. Remember, it's better to verify and be safe than assume and be sorry. That's all for this week, folks. If you want to learn more, feel free to reach out, and we'll catch you guys on the next one. Cameron Ivey, over and out.
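The episode's "check the email address" advice can be mechanised. The script below is an added example, not material from the show or from any of the researchers quoted: it parses a From: header, folds the sender domain through a table of visually confusable glyphs (capital I and digit 1 for lowercase l, rn for m, and so on), and compares the result against a list of trusted domains, also catching display-name spoofing, punycode or non-ASCII labels, and a trusted name embedded in a longer domain. The trusted-domain list and the sample headers are constructed for illustration; none of the addresses is real.

```python
"""Flag lookalike sender domains in a From: header (added example, not from the episode)."""
import unicodedata
from email.utils import parseaddr

# Glyphs that read alike in a typical mail-client font. Each group folds to its
# first character, so "exampIe" (capital I) and "examp1e" both become "example".
# Input is lowercased first, so a capital I arrives here as "i".
_GROUPS = ["l1i|", "o0", "a@", "s5$", "e3", "b8", "g9q", "z2"]
_FOLD = {ch: grp[0] for grp in _GROUPS for ch in grp}

TRUSTED_DOMAINS = {"example.com", "payroll.example.com"}  # constructed list


def skeleton(domain: str) -> str:
    """Collapse a domain so that visually confusable spellings coincide."""
    d = unicodedata.normalize("NFKD", domain.strip().lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    d = "".join(_FOLD.get(c, c) for c in d)
    # Two-letter combinations that masquerade as a single letter.
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert/delete/substitute plus adjacent swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "exmaple" vs "example"
    return d[-1][-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail); verdict is trusted, lookalike, unknown or unparseable."""
    display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable", from_header
    domain = addr.rsplit("@", 1)[1].lower()

    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted", domain
    # Display-name spoofing: the name shows a trusted address while the real
    # sender is elsewhere, e.g. "jane@example.com" <ceo@free-mail.invalid>.
    if any(t in display_name.lower() for t in trusted):
        return "lookalike", f"display name '{display_name}' hides sender {addr}"
    # Internationalised labels can carry glyphs indistinguishable from ASCII.
    if not domain.isascii() or any(label.startswith("xn--") for label in domain.split(".")):
        return "lookalike", f"{domain}: non-ASCII or punycode label"
    sk = skeleton(domain)
    for t in sorted(trusted):
        if t in domain:  # example.com.evil.invalid, secure-example.com
            return "lookalike", f"{domain}: embeds trusted name {t}"
        if edit_distance(sk, skeleton(t)) <= 1:
            return "lookalike", f"{domain}: resembles {t}"
    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample headers; none of these addresses is real.
    for hdr in [
        "Jane Doe <jane.doe@example.com>",
        "Jane Doe <jane.doe@exampIe.com>",        # capital I for lowercase l
        "Jane Doe <jane.doe@exarnple.com>",       # rn for m
        "Jane Doe <jane.doe@exmaple.com>",        # transposed letters
        "Jane Doe <jane.doe@example.com.mail-secure.invalid>",
        '"jane.doe@example.com" <ceo.urgent@free-mail.invalid>',
        "Jane Doe <jane.doe@ex\u0430mple.com>",   # Cyrillic a
        "Vendor Billing <ar@vendor-invoices.invalid>",
    ]:
        print(classify_sender(hdr))
```

A "lookalike" verdict is a reason to pick up the phone using a number you already have, exactly as the episode recommends; an "unknown" verdict only means the domain is not on your list, so the check complements the verification habit rather than replacing it.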
