U.S. Schools are Dealing with Extensive Business Email Compromise Attacks

A business email compromise attack is a phishing scam in which a scammer uses email to take possession of capital—either in the form of data or actual finances—from the organization they choose to target. Lately, these scams have been observed to focus on schools.

Let’s review the situation at hand and what is at stake.

Business Email Compromise in Action

Let’s say one of your team members receives an email that makes a request for either finances or information… but since it seems to come from a trusted company, they comply.

This is what makes business email compromise what it is. By using an essential business communication tool, an attacker can fool someone on the inside into doing their dirty work, either by providing the requested data directly to the attacker or giving the attacker the capability to access it themselves.

The scam is dangerously simple.

1. A scammer will select a target, research it, and potentially even craft a fraudulent website to make their efforts that much more effective.
2. The scammer then breaches the company’s email systems and identifies the most effective targets based on the emails they send and conversations they hold.
3. Spoofing an email domain, the scammer prepares to impersonate the right person to influence their target.
4. The scammer then contacts the target, working to build up enough trust to make the ask—whether for money (often in the form of gift cards) or data.

As of late, these attacks have been focusing on school districts.

Public Sector Organizations are Common Targets

Schools and other public institutions are often in an attacker’s crosshairs for a few key reasons:

• Many such organizations have only a limited budget for cybersecurity, making them more likely to be targets of a cyberattack.
• These organizations also commonly exchange large amounts of capital regularly, giving an attacker more opportunities to strike.
• Many of these organizations also rely on complex administrative structuring and processes, making them even more vulnerable as issues are missed and the right people are required to sign off on any action.
• The public sector also typically collects a lot of data throughout its operations, which means that a cybercriminal would be interested in obtaining these stores.

Therefore, it is unsurprising that school systems from California to Tennessee have experienced these attacks, suffering damages in the six-to-seven-figure range… and the damages don’t stop there. In addition to these direct costs, the loss of reputation and potential penalties these businesses will likely face will almost certainly sting.

How to Minimize Your Risk of Business Email Compromise

To avoid these repercussions, Lakewood, Tacoma & Surrounding Areas businesses must make the proper preparations, such as…

Ensure all financial and other forms of data are locked down.
Your business should have safeguards to prevent as many vulnerabilities as possible. It should also undergo precautionary audits to ensure it has not already been breached.

Implement a cyber insurance policy.
Nowadays, it is becoming increasingly important for any business to invest in cyber insurance coverage, which effectively helps them cover all the extraneous costs that a cyberattack will likely cause. Ensure you know precisely what is covered and what limits are in place.

Keep an eye on compliance.
Not only will you be on the hook if your business falls for a BEC scam, but you could also be subject to government or industry penalties. Maintaining any applicable regulatory standards will help make it less likely that you’ll be held wholly responsible for falling for the scam (while possibly making it less likely one will impact you).

Monitor your business technology.
Specialized tools exist that can help catch attacks like BEC and many others by constantly examining a business’ network and reporting any oddities that reveal themselves, as these are often signs of a larger issue. Ensuring you have this watchful eye over your IT will generally boost your business’ resiliency against all kinds of problems.

Trust Us to Help Protect and Maintain Your Business

Whether you’re referring to business email compromise, another form of cyberattack, or even the idea of boosting your business’ productivity, Graemouse Technologies is here to help. Reach out to us at 253.777.0763 to learn more about the full assortment of IT services we have to offer.