{"id":2561,"date":"2018-12-03T16:58:57","date_gmt":"2018-12-03T16:58:57","guid":{"rendered":"https:\/\/www.empowerbpo.com\/blog\/?p=2561"},"modified":"2023-02-27T09:24:38","modified_gmt":"2023-02-27T09:24:38","slug":"preventing-bec-scams","status":"publish","type":"post","link":"https:\/\/www.empowerelearning.com\/blog\/preventing-bec-scams\/","title":{"rendered":"Preventing BEC Scams: Manual controls and multi-person authorization"},"content":{"rendered":"

In an article last week, we highlighted the case of a Dutch firm that lost \u20ac19m ($21m) to a Business Email Compromise<\/a> (BEC) scam to push forward the idea of having strong security measures for preventing BEC Scams.<\/p>\n

Today, we came across the news of a (rather old) BEC incident \u2013 an Indiana school district lost more than $120,000 to BEC scammers. Criminals hacked the email account belonging to an officer authorized to order transfers, and sent fraudulent payment requests. The bank honored the payment request and made the wire-transfer of $120,882.83.<\/p>\n

Last month, a judge dismissed the district\u2019s lawsuit<\/a> seeking to reclaim the amount from the bank.<\/p>\n

As Stu Sjouwerman points out, this case differs from normal BEC scams<\/a>\u2013 \u201ca third party was conned, as opposed to a victim organization.\u201d<\/p>\n

Although unusual, this case does underline the value of having:<\/p>\n

    \n
  1. Strong credentials across the organization,<\/li>\n
  2. A sound password policy, and<\/li>\n
  3. Manual controls and multi-person authorization.<\/li>\n<\/ol>\n

    Suggested reading: 7 Security measures against BEC you cannot neglect<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    In an article last week, we highlighted the case of a Dutch firm that lost \u20ac19m ($21m) to a Business Email Compromise (BEC) scam to push forward the idea of having strong security measures for preventing BEC Scams. Today, we came across the news of a (rather old) BEC incident \u2013 an Indiana school district […]<\/p>\n","protected":false},"author":3,"featured_media":2563,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[209,162,185,182],"class_list":["post-2561","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infosec","tag-bec","tag-business-email-compromise","tag-cybersecurity","tag-password-policy"],"_links":{"self":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/2561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/comments?post=2561"}],"version-history":[{"count":0,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/2561\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/media\/2563"}],"wp:attachment":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/media?parent=2561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/categories?post=2561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/tags?post=2561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}