Start by setting up email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting Conformance). These protocols help verify the authenticity of the sender’s identity, making it harder for scammers to spoof your organization’s email domain or impersonate a trusted contact.

Use advanced email security solutions that can filter out phishing messages and suspicious emails. These tools often use artificial intelligence and machine learning to detect anomalies in email patterns, helping to catch fraudulent emails before they reach your inbox.

Once trust is established, the scammer makes a fraudulent request. As explained in the previous section of this article, this could be a request for a wire transfer, changing payment details for a transaction, or requesting sensitive information. The request often comes with a sense of urgency or confidentiality to pressure the target into acting quickly without verifying the information.

Last but not least, this type of BEC scam is a bit different because it focuses on physical goods. Basically, scammers order products or services using a compromised email account, often posing as a legitimate employee or business associate, but never paying for them.

More info: Desktop Virtualization benefits