How to Shield Your Company From BEC Attacks

Business Email Compromise/Email Account Compromise (BEC/EAC) scams can destroy businesses. Shield your company against BEC/EAC scams by taking these steps:

2,370% increase in financial losses from BEC/EAC [1]
$5.3 Billion USD in actual and attempted losses from BEC/EAC [2]
131 countries impacted by BEC/EAC scams [3]

1. Protect
a. Company domain: Establish a DMARC record.
b. Email accounts: Enable two-factor authentication.
c. Awareness: Know that attackers often send BEC/EAC scam emails when the executives they are trying to impersonate are traveling on business.

2. Authorize
a. Minimize the number of people who process and approve wire transfers.
b. Make a list of these authorized personnel available to employees.

3. Authenticate
a. Require dual authentication and approval of all wire requests.
b. Verify new or different payments (with at least two people).
c. Create a maximum amount that can be withdrawn for wire transfers.

4. Simulate
a. Adopt a comprehensive antiphishing program that includes a phishing simulations program and a reporting tool to empower all your employees.
b. Identify specific, real-world phishing scenarios and add them into your phishing simulation rotation.

Sources
1. FBI, "Business Email Compromise Email Account Compromise: The 5 Billion Dollar Scam," May 4, 2017
2. Ibid.
3. Ibid.