We regularly see the effects of cyber attacks on individuals and businesses, but we also see the value that preventive measures can have in blocking those attacks.
Because you are an important partner of ours, we want to share some best practices to help you avoid falling victim to cyber fraud and to call your attention to a rising threat: the business email compromise.
Business Email Compromise
A business email compromise is when a cyber criminal impersonates a familiar business partner through email. The cyber criminal typically asks for a customer’s payment to be redirected to a new account, and, if the ploy works, the recipient of the email instructs the customer to change payment methods, thus paying the cyber criminal instead of the appropriate company.
To minimize your risk of business email compromise and other phishing scams:
- Protect your email system. For cloud-based systems, a key safeguard is to implement multifactor authentication, which requires more than one step to verify a user’s identity.
- Don’t trust an email just because the sender’s name is familiar. The email account may have been compromised and be under the control of a cyber criminal.
- Never follow new instructions without first verifying with a phone call. Do not reply directly to the email to verify changes – you should always call your business partner to ensure the legitimacy of any changes in the payment process or for other suspicious requests.
You can also take the steps below to help better recognize scams:
- Ask yourself: “Was I expecting this email?”
- Review the sender’s email address for slight discrepancies (e.g., John.Doe@businesspartner.com vs. John.Doe@businessspartner.com).
- Beware of pop-ups. If a webpage suddenly appears requesting a username and password or other personal details, be leery. This information is valuable to cyber criminals and can lead to other attacks, including a business email compromise.
- Analyze the body of the email. Does it seem unusual, out of character or suspicious for the sender? Is the style, language, time of day or cadence not typical of the sender?
- Be skeptical of urgent requests.
- Hover over links to verify the destination, and don’t click on a link if it looks suspicious.
- Look closely at attachments before opening. See if the file name seems appropriate for the sender.
We hope these practical measures will help protect you and your customers. If you have any questions, or if you receive something suspicious, please follow up with your Travelers relationship manager.