Business Email Compromise — A Serious Threat

When you think about the driving forces behind a business, what comes to mind? For us, we think about the massive impact that computers and the associated technology have had on the way we do business. Computers and servers allow you to store data, organize information, and provide access to the programs that you need no matter where you are. Email allows you to convert interested parties from the internet into revenue, and cell phones allow you to maintain contact with employees, regardless of distance. Of course, as we've learned in recent years with high-profile incidents like the Equifax breach, the global WannaCry ransomware epidemic, and many personal experiences with phishing attacks, these technologies are a double edged sword that can harm as much as they can help.


While it's easy to focus on the big name cyber security incidents, the truth remains that small businesses are far and away more vulnerable and more actively targeted than large corporations. The reasons for this are many, including a lack of resources to dedicate to cybersecurity, training programs that are weak and ineffectual to nonexistent, and simply a lack of education on the devastating effect a security event can have on a business' profitability and reputation.

The FBI recently released a report detailing the losses incurred by small businesses affected by Business Email Compromises, which includes phishing attacks. Generally, an attacker will attempt to gain access to your account by having you enter credentials on a bogus, but convincingly real, website. With that access, they can send fraudulent emails to all of your business partners, vendors, and even other employees within your organization in an attempt to persuade recipients to transfer funds to fraudulent bank accounts. Alternatively, they can simply attempt to imitate your email address and dupe people into sending them money that way. Regardless of how it's initiated, the report detailed the losses incurred by small businesses to be upwards of $1,300,000,000 (yes, BILLION) in 2018. That number is out of 20,373 complaints reported to the agency, which translate to a staggering average loss of $63,702 dollars.


While cybersecurity may not be the first thing you worry about, could your business afford to take a $63,000 hit, not to mention long-term effects that come along with a data security incident? If you want to learn about how FrameWork can train your users, secure your business, and keep you protected, give us a call! We're here to help.