The FBI has issued warnings to all businesses about the spread of BEC scams. One of the fastest growing hazards facing businesses today is business email compromise, or BEC scams. According to the FBI these scams have increased more than 270% since the beginning of last year. In their latest report, more than 7,000 businesses have lost more than $1.2 billion in the last 2 years. At Complete Network Support we can help mitigate your IT risk. We are at the forefront of IT risk management; monitoring, assessing and evaluating threats to your network regardless of the source.

While these scams may appear less impressive than sophisticated malware targeting banks and other large institutions; a BEC attack is in reality far more malicious. They are more versatile and can avoid the basic security steps taken by businesses and individuals. Instead of simply targeting your machines, a BEC scam targets your employees. According to the FBI, “The scam has been reported in all 50 states and in 79 countries. Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong.”

BEC scams are perpetrated in multiple stages. In the first stage, a traditional phishing scam is initiated. Once the criminal has access to an employee’s email, they monitor the account for days, weeks sometimes even months. During this time the cyber sleuth determines critical financial processes and practices used by your business. These criminals then ascertain whether or not wire transfers are used and which individuals make the requests for said wire transfers. Emails are probed for a multitude of keywords: invoice, deposit, president, CEO, CFO, accounting and funds are all examples of keywords used to verify transfers.

Once the reconnaissance stage is completed the second phase begins. This portion can present itself in two different ways. The first is known as a CEO Phishing Scam. The perpetrator(s) create a domain name that is nearly identical to the company’s and send an email that appears to be from the CEO or other high ranking executive from this address. This email and email address will appear legitimate. However, upon closer examination the email address of the sender will in fact be fraudulent. The email requests a specific wire transfer sparing no details. The targeted employee then, without hesitancy, does as instructed. At this point, company funds have been seized never to be seen again.

In the second version of this scam, the email of someone within the targeted company responsible for billing and invoicing is taken over and used to send out seemingly legitimate invoices instructing that payment be made by wire to a newly designated bank account. Again, only under scrutiny would anything be noticeably questionable within the fraudulent invoice. One of the most nefarious aspects of these scams is the unlikelihood of being caught in spam traps as these are targeted attacks and not mass emails. As these scams continue to grow and evolve it is important to be vigilant. The FBI has urged businesses to adopt the following processes:

  • Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of would flag fraudulent e-mail of
  • Register all company domains that are slightly different than the actual company domain.
  • Verify changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign- off by company personnel.
  • Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
  • Know your customers payment habits.
  • Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.

At Complete Network Support it is our job to mitigate and eliminate threats to your business. We are your IT bureau ready for all phases of cybercriminal activity. Don’t go it alone, contact Complete Network Support.

How To Supplement Your Internal IT Team.

In an ideal world, technology would be a consistent source of competitive advantage and benefit for small and midsized businesses. The reality is that many fail to realize that confidence.

Without the right resources and support, even a highly skilled technology team can become overwhelmed by the growing list of technology management duties. When important tasks get neglected, it creates ripple effects throughout an organization that damage productivity and efficiency.

The co-managed IT services model solves these problems by providing your existing IT team with all the support and resources they need to successfully plan, manage, and defend your network technology.

This guide covers:

  • • Aligning technology with business goals
  • • Reducing churn while preserving institutional knowledge
  • • Empowering your staff to maximize productivity
  • • Achieving the highest level of cybersecurity defense

Download it for free by filling out the form here.