Business email compromise (BEC) has emerged as a multi-billion-dollar subset of phishing scams. According to research, in 2020, experts estimated that 71% of organizations faced BEC attacks. Research further suggests that the most common type of BEC scam is invoice or payment fraud. However, a new type of video-driven BEC scam is on the rise.
According to the FBI, scammers are now using video meetings as a tool to trick victims into handing over their money. The use of Zoom and Microsoft Teams skyrocketed during the pandemic, with Microsoft adding 95 million users in 2020 and annual meeting minutes on Zoom now exceeding 3.3 trillion. Scammers have been quick to use these video conferencing tools to scam innocent victims out of thousands of dollars.
How does BEC work?
BEC uses fake or compromised email domains to convey messages with the end goal of obtaining a wire transfer from the victim. Today, some of these scams have moved from email to video meetings, with scammers using the meeting as the primary channel of communication.
This seems counter-intuitive, as video requires physical presence. However, when video is used in conjunction with email, the attackers are able to insert themselves into a trusted video conversation, with the aim of gathering critical data related to the organization’s day-to-day operations. They will, for instance, ask employees to join a virtual meeting platform where the attacker inserts a still picture of the CEO and deepfake audio (or no audio at all), claiming that the video is malfunctioning. Posing as the CEO, they can then ask employees to initiate money transfers via chat or through a follow-up email.
Top-6 Expert-Approved Tips on Protecting Your Data and Preventing Scams
- Always double-check the URL in an email to confirm that it is associated with the business or individual it claims to be from, and check the spelling of the domain name as well.
- Don’t share login credentials and leverage two-factor (or multi-factor) authentication to verify change requests relating to account information. This is particularly useful for high-value accounts.
- Inform the team in advance about the use of external virtual meeting platforms in internal meetings.
- Do not provide sensitive information such as login credentials via email.
- Make sure that the settings in employees’ computers allow full email extensions to be viewed by default.
- Keep tabs on your business and personal financial accounts to check for irregularities, such as missing deposits.
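The first tip (check the URL and the spelling of the domain) can be partly automated at the mail gateway or in a triage script. The following is an added example, not code from the FBI or from this article's author: the allowlist, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist: the organisation's own domain plus approved meeting platforms.
TRUSTED = ("bigcorp.example", "zoom.us")
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit-for-letter swaps

def skeleton(domain):
    """Collapse visually confusable spellings (0/o, rn/m, vv/w) to one form."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in TRUSTED:
        if (skeleton(domain) == skeleton(t)
                or domain.startswith(t + ".")   # trusted name used only as a prefix
                or edit_distance(domain, t) <= max(1, len(t) // 8)):
            return "lookalike"
    return "unknown"

def check_message(raw):
    """Classify the From domain and every link host in a raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2]
    findings = {sender: classify(sender)}
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname
        findings[host] = classify(host)
    return findings

# Constructed sample message (not taken from a real incident).
SAMPLE = """From: "Jane Doe, CEO" <jane.doe@bigc0rp.example>

Video is broken, use https://zoom.us.meeting-join.example/j/1 not https://zoom.us/j/2 ; invoice: https://vendor.example/pay
"""
if __name__ == "__main__": print(check_message(SAMPLE))
```

A `lookalike` verdict is a reason to verify the request through a known-good channel before acting on it; `unknown` simply means the domain is outside the allowlist.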
If you’re looking for the services of an experienced and dedicated IT consultant, BSC Solutions Group Ltd. can help. Whether you’re using Teams, Zoom, or some other video meeting platform, taking the right preventive measures and seeking an expert’s help can make all the difference. Connect with us and lay the foundation for a safe and secure IT environment, which can ultimately save you millions and future-proof your organization’s reputation.