Episode 113 - Business Email Compromise Attacks: What Can Be Done?

Business Email Compromise – it’s a major way that global thieves steal trillions of dollars. Bill Repasky, an attorney at Frost Brown Todd LLP, with years of experience in electronic payments and cyber-fraud defense, explains how attacks of this type occur, why they are growing, what can be done to prevent them, and what a business can do if attacked this way.Common types of Business Email Compromise attacks are what appear to be incoming customer payments, outgoing payments to suppliers of goods and services, and internal attacks (where a mal-actor takes over an employee’s email account at the business). While anti-phishing training is important, it is not enough. Businesses can minimize risk of loss by upgrading institutional defenses this podcast discusses. Tune in for a tune up on how businesses can deal with the rising global crime wave of Business Email Compromise.Time stamps:00:46 - What is Business Email Compromise?03:28 - What businesses are being targeted?05:35 - What are the common threads we see in business email attacks?08:24 - How do internal business email attacks occur?11:00 - How is public information on social media used as part of email attacks?11:38 - Key things businesses can do to prevent attacks?14:20 - What is “out-of-band” verification and how can it help prevent attacks?17:15 - What should a business do once it knows it has been attacked?