As a business owner in the technology sector for close to two decades, I’ve seen firsthand the transformative power of email communication. However, recent trends have brought to light a troubling escalation in business email compromises (BEC), a threat that no company—big or small—can afford to ignore.

In the past year alone, the frequency and sophistication of email hacking attempts have surged. Email remains the number one attack vector for cybercriminals, with phishing attacks leading the charge. These attacks are no longer the easily spotted scams we once knew. Modern phishing emails are meticulously crafted, often indistinguishable from legitimate business communications. AI plays a large role in the sophistication and authentic look of the hacker’s written copy.

Just recently, a close colleague of mine who owns a construction company fell victim to a devastating email hack. It started with an employee inadvertently clicking on a malicious link. The hacker stole the email token and set up covert rules within the mailbox. They intercepted a high-value transaction, sending a fake invoice to a client. The client, trusting the legitimacy of the email, paid $175,000 directly into the attacker’s account. This incident not only resulted in a significant financial loss but also damaged the client relationship and the company’s reputation.

A local church in our community suffered a similar fate. An attacker, posing as a trusted vendor, sent a fraudulent invoice that led to the loss of $150,000. The funds were unrecoverable, and the impact on the church’s operations was profound.

These are not isolated incidents. According to recent reports, 41% of organizations have experienced an increase in email-based threats. The FBI received 19,369 BEC complaints in 2022 alone, and this number is believed to be a gross underestimation. Our own security monitoring systems have blocked nearly 8,000 BEC attempts in 2023, highlighting the pervasive nature of this threat.

So, why are cybercriminals so fixated on emails? The answer lies in the vast amount of sensitive information housed within our inboxes—login credentials, financial statements, personal correspondences. This data is a goldmine for hackers, offering numerous avenues for exploitation.

As someone who has dedicated her career to technology and cybersecurity, I cannot stress enough the importance of vigilance and proactive measures. Here are some steps every business should take:

  1. Employee Awareness Training: Regular training sessions to educate employees about phishing and other cyber threats.
  2. Email Security Tools: Implement advanced email security tools that can detect and block phishing attempts.
  3. Two-Factor Authentication (2FA): Ensure all email accounts are protected with 2FA.
  4. Continuous Monitoring: Use systems that continuously monitor account behavior and flag suspicious activity.
  5. Verification Protocols: Always verify the legitimacy of requests for financial transactions or account changes, especially if they seem urgent.
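
To make the continuous-monitoring step concrete for the covert mailbox rules described in the construction-company incident, here is an added example (not code from the author or her company) that triages inbox rules for signs of BEC persistence. The record layout, the `example.com` domain, the folder list and the sample rules are all constructed assumptions; map the fields to whatever your mail platform's audit export provides.

```python
# Added example: flag inbox rules that look like BEC persistence.
# Record layout is a simplified, constructed stand-in for mailbox audit data.
import re

INTERNAL_DOMAINS = {"example.com"}  # assumption: your own mail domains
FINANCE_WORDS = re.compile(r"\b(invoice|payment|wire|remittance|bank)\b", re.I)
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items"}

def external(addresses):
    """Return the addresses whose domain is not one of ours."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def score_rule(rule):
    """Return a list of reasons this rule is suspicious (empty = benign)."""
    reasons = []
    fwd = external(rule.get("forward_to", []) + rule.get("redirect_to", []))
    if fwd:
        reasons.append("forwards mail outside the organization: " + ", ".join(fwd))
    # A rule "hides" mail if it deletes it or files it in a rarely opened folder.
    hides = rule.get("delete_message") or \
        rule.get("move_to_folder", "").lower() in HIDING_FOLDERS
    keywords = " ".join(rule.get("subject_or_body_contains", []))
    if hides and FINANCE_WORDS.search(keywords):
        reasons.append("hides finance-related mail from the mailbox owner")
    if hides and rule.get("mark_as_read"):
        reasons.append("marks hidden mail as read")
    if len(rule.get("name", "").strip(". ")) <= 1:
        reasons.append("rule name is blank or a single character")
    return reasons

def triage(rules):
    """Map 'mailbox:rule name' to reasons for every rule that needs review."""
    return {f'{r["mailbox"]}:{r["name"]}': why
            for r in rules if (why := score_rule(r))}

# Constructed sample data, not taken from any real incident.
SAMPLE_RULES = [
    {"mailbox": "ap@example.com", "name": ".", "move_to_folder": "RSS Feeds",
     "mark_as_read": True, "subject_or_body_contains": ["invoice", "payment"]},
    {"mailbox": "pm@example.com", "name": "copy",
     "forward_to": ["drop@mail.invalid"]},
    {"mailbox": "hr@example.com", "name": "Newsletters",
     "move_to_folder": "Newsletters", "subject_or_body_contains": ["digest"]},
]

if __name__ == "__main__":
    for rule, why in triage(SAMPLE_RULES).items():
        print(rule, "->", "; ".join(why))
```

A flagged rule is a prompt for review, not proof of compromise; confirm with the mailbox owner and check sign-in history before removing it.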

At my company, we’ve made these practices a standard part of our operations. We also offer our clients comprehensive email security audits to identify vulnerabilities before they can be exploited.

The digital landscape is fraught with challenges, but with the right precautions, we can protect our businesses and our livelihoods. Don’t wait until it’s too late—take action now to secure your email systems.