Module 2: Phishing & Business Email Compromise (BEC)
What is Phishing?
Phishing is a trick used by hackers to steal your information by pretending to be someone you trust. They send fake emails, text messages, or calls to get you to:
- Click on a bad link
- Give away your username and password
- Download a harmful file
 
Phishing can happen through:
- Email – Fake messages from banks, tech support, or even your workplace
- SMS (Smishing) – Fake text messages with scam links
- Phone Calls (Vishing) – Scammers pretending to be customer support or a company
 
How to Spot Phishing Emails
🔹 Suspicious Sender
- The email is from an unknown or weird address.
- The name may look familiar, but the email address is slightly different.
 
🔹 Urgency & Fear Tactics
- “Your account will be closed if you don’t act now!”
- “You’ve won a prize! Click here to claim it.”
- “Your password was compromised, reset it now.”
 
🔹 Weird Links & Attachments
- Hover over the link without clicking. If it looks strange or different, don’t click it.
- Attachments may contain malware that can infect your device.
 
🔹 Bad Grammar & Spelling Errors
- Legitimate companies have professional emails. If there are many mistakes, it’s likely fake.
 
🔹 Requests for Personal Information
- No real company will ask you for your password, credit card number, or personal details by email.
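
As an added example (not part of this module), the checklist above turned into a small Python checker: it parses a raw email, flags a sender domain that is not one of the organisation's own, looks for the urgency and credential-lure phrases quoted above, and compares each link's visible text with where it really goes, which is what hovering over a link shows you. The trusted domain `example.com`, the phrase lists and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}  # assumed: the organisation's own domains
URGENCY_PHRASES = ("act now", "will be closed", "reset it now", "claim it")
SENSITIVE_REQUESTS = ("password", "credit card", "direct deposit")

def trusted(host):  # our own domain or a subdomain of it
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):  # (real href, text shown): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href and data.strip():
            self.links.append((self._href, data.strip()))
            self._href = None

def phishing_indicators(raw_email):  # checklist items a single-part HTML email trips
    msg = message_from_string(raw_email)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not trusted(domain):                      # Suspicious sender
        findings.append(f"sender domain {domain!r} is not trusted")
    body = msg.get_payload()
    for phrase in URGENCY_PHRASES:               # Urgency & fear tactics
        if phrase in body.lower():
            findings.append(f"urgency phrase {phrase!r}")
    for phrase in SENSITIVE_REQUESTS:            # Requests for personal info
        if phrase in body.lower():
            findings.append(f"sensitive-info lure {phrase!r}")
    collector = LinkCollector()                  # Weird links: hover vs. target
    collector.feed(body)
    for href, shown in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not trusted(host):
            findings.append(f"link shown as {shown!r} goes to {host!r}")
    return findings

SAMPLE_EMAIL = """From: "IT Support" <helpdesk@examp1e.com>

<p>Your password was compromised, reset it now or your account will be closed.
<a href="http://login-example.co/reset">https://portal.example.com/reset</a></p>
"""  # constructed sample: lookalike domain, urgency, credential lure, bad link
```

Running `phishing_indicators(SAMPLE_EMAIL)` reports the lookalike sender domain, two urgency phrases, the password lure and the link whose text says `portal.example.com` but whose target is `login-example.co`.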
 
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a type of phishing attack where hackers target businesses by pretending to be an important person, such as a CEO, manager, or vendor.
How BEC Attacks Work
- Hackers study the company – They gather information about employees and business operations.
- They send fake emails from a “trusted” source – They impersonate a boss, co-worker, or supplier.
- They request money transfers or sensitive data – The email may ask employees to send money or reveal company secrets.
 
Common Types of BEC Scams
- CEO Fraud – Hackers pretend to be the CEO or boss and ask employees to transfer money.
- Vendor Scam – They impersonate a supplier and send fake invoices.
- Payroll Scam – They trick HR into changing direct deposit details to steal salaries.
 
How to Protect Yourself from Phishing & BEC
✅ Check the Sender – Verify that the email address is correct, not just the display name. Contact the sender directly if unsure.
✅ Think Before You Click – Hover over links to see where they lead before clicking.
✅ Don’t Open Suspicious Attachments – If you didn’t expect an attachment, don’t download it.
✅ Never Share Personal or Financial Info – Companies will never ask for passwords via email.
✅ Use Multi-Factor Authentication (MFA) – Even if hackers steal your password, MFA can stop them.
✅ Verify Requests for Money or Sensitive Info – Call (using a number you already have, not one given in the email) or meet in person to confirm before transferring money.
✅ Report Suspicious Emails – If you receive a phishing email, report it to IT or security teams.
What to Do If You Fall for Phishing
1️⃣ Change Your Password Immediately – Use a strong and unique password.
2️⃣ Enable Multi-Factor Authentication (MFA) – This adds an extra layer of security.
3️⃣ Scan Your Device for Malware – If you downloaded a file, run a security scan.
4️⃣ Notify IT or Your Bank – If you shared sensitive information, report it right away.
5️⃣ Warn Others – Let co-workers or friends know about the scam.