BEC Fraud & DMARC

BEC (Business Email Compromise) is a targeted form of email fraud with a potentially high financial impact. Last year, as per the IC3 Report, cybercrime led to $3.5 billion in losses in the US alone, with BEC fraud accounting for almost half of that. This year has also seen a surge in this particular type of fraud.

Implementing the DMARC framework is critical to preventing losses from BEC fraud. A BEC attack starts with a fraudulent email, sent to an employee, that usually impersonates an executive or high-level staff member of the organization. The email then requests a payment or transfer of funds, which could potentially lead to millions in losses.

To prevent such frauds from impacting your organization, we must consider the following two points:  

  1. DMARC Implementation: The DMARC framework needs to be effectively implemented, with the policy progressed from ‘None’ to ‘Reject’ by analyzing aggregate reports. This entails identifying and authorizing all of the legitimate email sending sources.

  2. Inbound DMARC Check: Enabling the DMARC check for your incoming emails is a simple step, done through the admin access of your email gateway. Simply check the box for the option to enable DMARC on incoming email traffic.

With these two processes implemented, BEC fraud would be successfully prevented. Your employees will be safeguarded from receiving scam emails impersonating your organizational domain.