How to Protect Your Wealth from Business Email Compromise (BEC)

How To Protect Your Wealth From BEC

Last year, Americans lost a staggering $12.5 billion to internet-enabled crimes, according to the FBI’s Internet Crime Report 2023, underscoring the urgent need for robust cybersecurity measures. Among the top crimes – and most expensive for high-net-worth families – is business email compromise.

What is Business Email Compromise (BEC)?

Business email compromise (BEC) is a sophisticated cybercrime where attackers exploit email systems to deceive individuals into transferring funds or divulging confidential information. This form of cyberfraud typically involves the following tactics:

  • Email Account Compromise: Hackers gain unauthorized access to email accounts, often through phishing, planting malware, or using credentials purchased on the dark web from a breach.
  • Email Spoofing: Attackers create emails that appear to come from trusted sources by mimicking email addresses, domains, and branded templates or forms from a known vendor.
  • Social Engineering:  Cyber criminals manipulate victims by impersonating trusted figures, creating a sense of urgency and exploiting human trust and error.
  • Man-in-the-Middle Attacks: Hackers intercept and alter email communications to redirect funds or information.

Examples of Business Email Compromise

Given the stakes, it is crucial to understand and implement proactive measures to safeguard your wealth and privacy against BEC email attacks. Below are a few real-world examples that highlight the sophisticated tactics used by cyber criminals to exploit the trust and routine operations of high-net-worth individuals.

Real Estate Transaction Scam

Situation: A high-net-worth individual was in the process of purchasing a luxury property. The hackers compromised the email account of the individual’s real estate agent and sent an email with new wire transfer instructions for the down payment.

Consequence: Believing the email to be legitimate, the individual transferred several million dollars to the fraudulent account. By the time the fraud was discovered, the funds had already been moved through various accounts, making recovery impossible.

Executive Impersonation Fraud

Situation: Cyber criminals hacked the email account of a CFO of a family office. The hackers then sent an email, posing as the CFO, to the finance team instructing them to urgently wire $5 million to a new supplier’s account.

Consequence: Trusting the legitimacy of the email, the finance team executed the transfer. The fraud was only discovered during a routine audit weeks later, by which time the funds were long gone.

Personal Assistant Deception

Situation: A cyber criminal compromised the email account of the personal assistant to a high-net-worth individual. The attacker monitored email traffic and waited for the right moment. When the individual was traveling abroad, the hacker, impersonating the assistant, sent an urgent email requesting a wire transfer to cover an “emergency expense.”

Consequence: The high-net-worth individual, believing the request to be genuine and time-sensitive, authorized the transfer of several hundred thousand dollars. Upon returning home and discussing the matter with the assistant, they realized they had been scammed.

How to Prevent Business Email Compromise

By understanding the tactics used by cyber criminals and implementing robust security measures, high-net-worth individuals can significantly reduce their risk of falling victim.

Be Wary of Urgent or Unusual Requests

Cyber criminals use fear and urgency as a tool to increase the likelihood of the target making an impulsive decision, such as transferring money to a bad actor who is posing as a trusted individual in a crisis situation. When you receive an email that makes your blood pressure skyrocket, use that as a clue that you may be the target of a cybercrime in progress.

Implement Strong Email Security

Without secure email services and strong passwords, hackers can easily gain access to your email accounts, intercepting private communications and manipulating financial transactions. Recycling passwords is a risky gamble due to the large number of recent breaches and the ability to purchase your information on the dark web. A password manager, like 1password, is strongly recommended. Also be aware of which of your emails has been compromised in a breach on the deep/dark web either through your cyber security provider or through an online resource like HIBP (Have I Been Pwned)).

Educate Yourself and Your Family

If you lack awareness of BEC tactics, you and your family may fall prey to sophisticated phishing schemes, leading to unauthorized access to your sensitive information and significant financial loss. Knowing the clues that indicate a cyber criminal might be using BEC tactics against you is invaluable.

Secure Personal Devices

Insecure devices are vulnerable to malware and hacking. A compromised device can lead to the theft of personal information, unauthorized financial transactions, and even identity theft. As a result of the complexity of most smartphones security settings, it is possible your device is leaking data without your knowledge.

Limit Sharing of Personal Information

Sharing personal information online can provide cyber criminals with the data they need to craft convincing phishing emails, making you more susceptible to BEC scams. Taking proactive efforts to minimize the amount of data available about you online makes you a much less desirable target to cyber criminals.

Trust but Verify Financial Requests

Failing to verify financial requests can result in substantial funds being transferred to fraudulent accounts. For instance, you might receive an email that appears to be from your financial advisor, requesting a large wire transfer, only to find out it was a scam. Talk to your financial advisor about putting a consistent process in place for verification.

Related Article: 8 Cybersecurity Tips to Keep Your UHNW Family Cyber Safe

By taking the proactive measures above, you can significantly reduce the risk of falling victim to BEC scams and protect your assets from cyber criminals. In the digital age, staying informed and vigilant is essential to maintaining your financial privacy and security.

Contact us to learn more about protecting yourself from business email compromise.

LinkedIn
Print
Cresset Favicon

About Cresset

Cresset is an independent, award-winning multi-family office and private investment firm with more than $60 billion in assets under management (as of 11/01/2024). Cresset serves the unique needs of entrepreneurs, CEO founders, wealth creators, executives, and partners, as well as high-net-worth and multi-generational families. Our goal is to deliver a new paradigm for wealth management, giving you time to pursue what matters to you most.