Understanding Business Email Compromise

Understanding Business Email Compromise and
How to Protect Your Organization

Transcript:

[MUSIC PLAYING]

Kyle Jekot [00:00:07] Hi, my name is Kyle Jekot and I'm a senior security business partner with PNC’s Enterprise Technology and Security.

Kyle Jekot [00:00:13] I'd like to spend a few minutes today, talking about Business Email Compromise and more specifically what it is, how it works, red flags and suggested best practices.

Kyle Jekot [00:00:23] Business Email Compromise, or BEC, as it's more commonly known, is when a threat actor uses identity and deception tactics to trick a subject into taking some action.

Kyle Jekot [00:00:34] Often the threat actor will use a source that is a known individual or trusted individual to the subject.

Kyle Jekot [00:00:41] According to the FBI’s Internet Crime Complaint Center, BEC fraud loss, increased from 1.8 billion dollars in 2020 to 2.4 billion dollars in 2021 with a 5-year loss of 8.6 billion dollars with Business Email Compromise.

Kyle Jekot [00:01:00] So then, what are some red flags associated with Business Email Compromise? Often the threat actor will insist on secrecy and confidentiality, only wanting to communicate via email.

Kyle Jekot [00:01:10] They'll request immediate confirmation once a transaction is made, and they'll warn of some negative consequence for failing to comply.

Kyle Jekot [00:01:18] So then, what are some suggested best practices?

Kyle Jekot [00:01:22] You should always review thoroughly external emails.

Kyle Jekot [00:01:23] Use verification of the request from a previously known good telephone number.

Kyle Jekot [00:01:28] You should not use the email string to communicate, nor should you use any telephone numbers within the email itself.

Kyle Jekot [00:01:36] And lastly you should review your policies and procedures specifically those around changing of banking information.

Kyle Jekot [00:01:44] If you'd like to continue the conversation, contact your PNC IAM representative, who will schedule time with us to discuss your cybersecurity related concerns.

Kyle Jekot [00:01:53] I hope you found this information helpful. Thank you.

[MUSIC PLAYING]

To learn more, please contact your PNC IAM representative.

PNC General Disclosure

Read a summary of privacy rights for California residents which outlines the types of information we collect, and how and why we use that information.