TL;DR
Business Email Compromise (BEC) attacks are increasingly targeting personal email accounts linked to work. This guide helps you spot, report and prevent these scams.
Understanding the Threat
BEC emails often look legitimate, pretending to be from someone you know – a boss, colleague, or vendor. They ask for urgent actions like money transfers or sensitive information. Targeting personal accounts is common because people are less guarded outside of work networks.
How to Spot BEC Emails
- Check the Sender’s Address Carefully: Don’t just look at the name; examine the full email address. Scammers often use slight variations (e.g., [email protected] instead of [email protected]).
- Be Wary of Urgent Requests: BEC emails create a sense of panic to rush you into action without thinking.
- Look for Grammatical Errors and Unusual Tone: While not always present, poor grammar or an odd writing style can be red flags.
- Verify Requests Independently: If you receive a request for money or sensitive information, contact the sender through a known, trusted channel (phone call, separate email thread) to confirm its legitimacy. Do *not* reply to the suspicious email.
- Suspicious Links and Attachments: Avoid clicking links or opening attachments in emails from unknown or untrusted sources. Hover over links to see where they lead before clicking.
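The sender checks in the list above can also be automated. The following Python sketch is an added example, not part of the original guide: it flags a From domain that is a near miss of a trusted one, a display name that shows a different address, and a Reply-To that diverts replies elsewhere. The trusted domain, the sample message and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains you really correspond with (constructed sample value).
TRUSTED_DOMAINS = {"example-corp.test"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message, trusted=TRUSTED_DOMAINS):
    """Return warnings about the From and Reply-To headers of a raw email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    if not domain:
        return ["no usable sender address"]
    warnings = []
    if domain not in trusted:
        near = sorted(t for t in trusted if edit_distance(domain, t) <= 2)
        if near:
            warnings.append(f"{domain} looks like trusted domain {near[0]}")
        else:
            warnings.append(f"{domain} is not a domain you normally deal with")
    # A display name that itself contains an address can hide the real sender.
    if "@" in name and name.strip().lower() != addr.lower():
        warnings.append("display name shows a different address than the real one")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_to.rpartition("@")[2].lower() if "@" in reply_to else ""
    if reply_domain and reply_domain != domain:
        warnings.append(f"replies would go to {reply_domain}, not {domain}")
    return warnings

# Constructed sample: 'examp1e' uses the digit 1 in place of the letter l.
SAMPLE = (
    "From: Finance Director <director@examp1e-corp.test>\n"
    "Reply-To: director@mailbox.test\n"
    "Subject: Urgent payment today\n\n"
    "Please transfer the funds before noon.\n"
)

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("WARNING:", warning)
```

A clean result only means these header checks passed; a request for money or sensitive information still needs confirming through a known, trusted channel.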
Preventing BEC Attacks
- Strong, Unique Passwords: Use strong passwords for *all* your email accounts (work and personal) and avoid reusing them across multiple sites. Consider a password manager.
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of security by requiring a code from your phone or another device in addition to your password. Enable MFA wherever possible, especially for email accounts.
- Be Careful What You Share Online: Limit the amount of personal information you share on social media and other public platforms. Scammers can use this information to craft convincing emails.
- Email Filtering & Spam Protection: Ensure your email provider’s spam filters are enabled and up-to-date. Regularly check your spam folder for legitimate emails that may have been misclassified.
- Educate Yourself and Others: Stay informed about the latest BEC tactics and share this knowledge with family, friends, and colleagues.
Reporting BEC Emails
- Report to Your Email Provider: Most email providers have a way to report phishing or scam emails. This helps them improve their filters.
- Report to the National Cyber Security Centre (NCSC): You can report BEC attempts at https://www.ncsc.gov.uk/report.
- Report to Action Fraud: If you have suffered financial loss, report the incident to Action Fraud at https://www.actionfraud.police.uk/.
What to Do if You Think You’ve Been Compromised
- Change Your Password Immediately: Update the password for your compromised email account and any other accounts that use the same password.
- Contact Your Bank or Financial Institution: If you made a money transfer, notify your bank immediately. They may be able to recover some of the funds.
- Monitor Your Accounts: Keep a close eye on your email and financial accounts for any suspicious activity.

