During 2021’s first six months, more than 75% of cybersecurity threats were delivered by email messages, per research conducted by HP. This trend coincides with a 65% increase year over year in the use of hacking tools downloaded from underground forums and filesharing websites, HP analysts say.

"Simultaneously, users continue to fall prey to simple phishing attacks time and time again,” Ian Pratt, global head of security at HP, told ZDNet.

These findings explain why Business Email Compromise (BEC) remains one of the greatest cybersecurity challenges for companies large and small across the spectrum of industries. In short, BEC happens when cybercrooks trick email users into exposing login credentials that enable access to sensitive data and systems. As cybersecurity pro Ryan Kalember explained in a TechRepublic article: “Attackers don’t hack in, they log in.”

So, what’s the best system for thwarting the bad actors of BEC? Regular training for good actors in your organization.

Teach users to spot these common BEC techniques:

• Too good to be true: Eye-catching unanticipated offers like, “You’ve won $500! Click here to redeem.”
• Edge of Urgency: Prodding for immediate action, such as “Your password has expired, change it now.”
• Funky Hyperlinks: Fraudulent URLs include misspellings or transpose characters to emulate the domain name of a reputable sender or organization.
• Trojan Attachments: Files containing code that downloads “backdoors” into systems.
• Interesting Info, Unknown Sender: Sounds important, but “Do I know you?”

Need help with user training? Give us a call.