A new report from HSB, a global insurer offering specialty insurance for identity recovery and data compromise, shows that small businesses experienced an uptick in business email compromise (BEC) attacks this past year. According to the report, 58% of business executives said suspicious emails had increased in the past year and most of these emails (37%) included a request for payment from what appeared to be a senior manager or vendor.
Alarmingly, a number of employees took the bait. Nearly half (47%) of employees responded to these BEC scams by transferring company funds and of those who transferred funds, 37% wired more than $50,000.
It’s clear from this report (and others) that fighting against BEC scams is a matter of executing both technical safeguards and employee security training and empowerment.
Why BEC attacks are on the rise
BEC and other social engineering attacks are frequently used among cyber criminals because they are relatively easy to deploy and put simply, because they work. In a BEC scam, a criminal leverages spoofing tactics to pose as a legitimate, trusted contact. The criminal then tricks a recipient into wiring funds into a fraudulent account.
This type of attack generally works because it compromises trusted systems and taps into employees’ routine behaviors. HSB’s report demonstrates not only how pervasive these attacks are, but also how frequently they actually work. Nearly half of employees responded to these scams and transferred company funds. The FBI’s most recent Internet Crime Report (2019) indicates a similar trend. Their study found that 11,667 employees fell victim to wire fraud scams in 2019 with $221 million in losses.
BEC scams that look like vendor payment requests
Vendor payment requests were one of the most frequently cited scams from HSB’s report. In the real estate closing process, this opens the door to several opportunities for criminals. According to a 2019 PropLogix report, the majority of title & escrow businesses leverage vendors to complete at least one element of the title process including services such as municipal lien searches (80%), permit searches (67%), utility searches (63%) and title curative work (14%).
While the transfer of escrow funds is often cited as a vulnerability within the real estate transaction for criminals to target, vendor payments may be another high-risk area. Employees who are not on high alert may fall victim to these types of scams.
How to avoid vendor payment BEC scams
As we’ve discussed in previous articles, raising awareness among employees is key to avoiding BEC scams. At Qualia’s Future of Real Estate Summit, cyber security expert Robert Fly said that nearly 90% of security breaches are due to human error.
In addition to maintaining employee awareness and training to avoid BEC scams, businesses can also leverage security features embedded in their software platform. We’ve discussed multi-factor authentication (MFA), IP whitelisting, and other security features in the past; however, one under-recognized security feature is vendor integrations.
With secure vendor integrations (like Qualia Marketplace), title processors never have to leave their core software to order, manage, or pay for vendor services. This eliminates the potential for cyber criminals to use spoofed emails to send false vendor payment requests.
To learn more about how you can use Qualia to mitigate the risk of a BEC scam, click below to schedule a time to speak with a Qualia Specialist.