Business Email Compromise (BEC) Attack

This week’s scam involves a business email compromise, or BEC attack, where cybercriminals access a real business email address and use it to send malicious emails. You receive an email that looks like a simple file-sharing notification, with an attachment that seems to be a PDF document. The email even comes from a legitimate business email address. Because it looks like the email is from a trusted source, you might be tempted to open it.

However, this is actually a phishing attack! Cybercriminals will use a compromised business email account to send you a malicious PDF attachment. If you open the PDF, you’ll be taken to a fake login page. To further trick you, this page may even first ask you to complete a fake security verification. But if you enter your user information on the login page, you’ll give it directly to cybercriminals!

Follow these tips to avoid falling victim to this BEC scam:

Be suspicious of attachments that redirect you to a website. If an attachment opens a web browser and asks you to log in, it’s a major red flag that you’re on a phishing site.

Never assume a security check on a login page means the site is safe. Cybercriminals add these features to their fake pages to make them seem more legitimate.

Remember, even if an email appears to be from a trusted source, you should always use caution before selecting links or opening attachments, especially if the email is unexpected. Always stop and think before taking action!