Three look at computer screen

Business Email Compromise Explained

/in , /by

It is not uncommon for a business to communicate with its customers directly through its own email system. For small businesses, especially, emailing  customers and suppliers directly is a means of survival. The smaller the business, the more intricate and intimately crafted emails tend to appear, often because one or two trusted employees or you, as the business owner,  are running your email operation. These small, personally managed systems, however, have become massive targets for cybercriminals and scammers. Business Email Compromise (BEC hereafter) is the culmination of several malicious cyber-practices working in tandem thus creating one of the most complex and difficult to stop cyber threats. BEC can be a debilitating hit to businesses of any size and recorded financial losses due to past BEC attacks have been staggering.

The life and death of small businesses lie in the trusting hands of your best customers and suppliers. It is essential, then, that every small business operating with an email system know and understand the warning signs of BEC to insulate the reputation of your  business, its financial stability and the financial stability of your customers and suppliers.

What is Business Email Compromise

Business Email Compromise is a complex and multiphase type of phishing cyber scam. The most typical BEC attacks include this general series of triggers and events:

Scammer finds a Suitable Business Account to Infiltrate: The prime targets for BEC scammers are small to medium-sized businesses that communicate with clients and suppliers via email. Further, scammers will seek out companies with easily accessible public information confirming the identity of important figures in the company along with companies that regularly accept wire transfers.

Spearphishing and Grooming: Once scammers find a target business, they will initiate an opening cyberattack attempting to gain access to the business’s email or simply gain access to resources like digital calendars or other sensitive information. This opening attack is regularly called spearphishing. Spearphishing attacks are emails sent to the business impersonating either an employee or client. Depending on the sophistication of the spearphishing attack, scammers can do a wide variety of damage in this phase alone. From information aggregation to full-on system infiltration, this opening attack will likely set the tone for the rest of the cyberattack.

If the spearphishing attack doesn’t use malware to lift email information outright, more socially orientated attacks will attempt to groom human employees from your company into giving away private information with the goal of infiltrating the email system itself. Grooming methods include impersonating IT services, fellow employees, or any other trusted body you wouldn’t question giving information to.

Scammers Impersonate the Target Business and Solicit Wire Transfer from Clients: Once scammers have entered your email system by any one of several known avenues, they will likely lie dormant for weeks or even months. During that time, the scammers will analyze the target business’s style of communication and copy any letterheads or email signatures. Once the scammers are confident enough that they can convincingly emulate your business’s style of communication, they will send an email to one of your clients or other financial partners requesting a wire transfer.

Repeat Previous Step Until Target Business Notices Scam: Successful BEC attacks are intentionally difficult to detect and for businesses with poor communication can thrive for months. Even if scammers are found out or even excised from your system, the chances of money sent by wire being returned to its rightful owner is exceedingly low.

Protecting Your Business from BEC

Clear Wire Transfer Rules: Being that scammers often know their target businesses as well as the actual business owner, scammers will bend and twist existing rules to their favor wherever possible. Consider setting a universal rule for your business in which any financial transaction must be verified and confirmed in person or over the phone where possible. The convincing nature of scams tends to drop off considerably once they need to get on the phone but this may not stay the same forever.

Talk with Relevant Staff About BEC Warning Signs: BEC scammers thrive in businesses that carry out weak or uneven communication. Set up meetings with the staff who manage your email and digital communication regularly with the expressed purpose of assessing your strength against cyberattacks. Specifically, when you are in person and not using digital communication, set up code words and keys not specified online that trusted employees can use between each other when dealing with sensitive information or financial details.

Email Attachments: Email attachments are one of the most prevalent means for scammers to infiltrate businesses. This has been true since email attachments first came to be and has only become increasingly undetectable with time. That simple click on an email download link is all scammers need to deploy multi pronged malware into your system. Avoid email extensions wherever possible for this reason and consider adding a cybersecurity browser extension to your work systems to further insulate your workstations.

Two-Factor Authentication: For those complex BEC operations that do not spoof but rather actually infiltrate email systems, a powerful means of prevention is two-factor authentication. Two-factor authentication means that any remote scammer will have an incredibly more difficult time entering your email systems since they will need to approve the login on a second device. Set up business two-factor authentication on an on-site cell phone or bound to the cell phone of the business owner.

Every Business is a Target

The lack of uniform knowledge and education about BEC is scammers’ best weapon. While mega corporations have famously tough cyber systems and dedicated teams of professionals monitoring digital systems for breaches, small businesses don’t. Even businesses who don’t have a dedicated email system can be the target of BEC through impersonation. It is essential that every small business owner understand that no matter their industry or size, they are just as likely as anyone else to fall into the sights of scammers and cybercriminals. Knowing the warning signs and operating with maximum suspicion is all it takes to bring your business from vulnerable to prepared when operating in the digital space.

Daily Deal Technology

The Impact of Daily Deal Technology

/in /by

3 Businesses Weigh in on the Benefits (and perils) of Daily Deal Technology

Perhaps you’re one of many consumers whose inbox fills with a ‘daily deal’ email or three each morning? If you’re also a merchant, you might be wondering whether participating in a daily deal technology would be beneficial for your bottom line. Sure, you can reach customers beyond your regulars and locals, but how can you figure out if a daily deal technology would not only be a fit, but also be profitable for your business?

We sat down with three business leaders who share why they began incorporating daily deal technology into their marketing regiment, what they’ve learned, and advice they’d give any merchant considering daily deals:

  • Erica Harriss – Founder, Saving Grace Beauty, an online retailer that thrives on introducing people to hair products that make their “things I can’t live without” list.
  • Jeremy Levi – Director of Marketing, MARS Med Supply, a manufacturer and seller of high-quality health, beauty, and medical supplies.
  • Mitch Goldstone – President and CEO, ScanMyPhotos.com, an e-commerce photo digitization service which has scanned 300 million photos.

 

What attracted you to doing a daily deal offer?

Erica: The daily deal offer was attractive because it was essentially a risk-free way to get our company name and products in front of millions of people. These visitors are coming to these sites with the intention of buying something. Our company doesn’t pay anything for this marketing, unless a product sells.

Jeremy: For us it’s about getting our brand and product in front of as large an audience as possible. We are constantly bringing on new, innovative products. When we want to jump-start sales and get real customer feedback, daily deal sites are a great way to move large volume quickly. We then gauge what moves well and what customers think about the product so we can tweak it and improve it.

Mitch: I liked the vast outreach, economics and credibility of being featured nationally by Groupon for new customers who are predominantly female and match our demographic customer base.

 

What did you learn from your first deal that you used to make your next deal better?

Erica: Your deal photos tell a story, and you need this story to be one that consumers want to be a part of—to create excitement. Don’t just simply show a photo of your product. If applicable, show how this product can make a purchaser’s life better. You want them stalking their mailbox every day waiting for your product to arrive to help solve their problems.

Jeremy: What you think is a great product at a great deal doesn’t necessarily translate into great sales. You need to put out a lot of deals and then you’ll start hitting some home runs. Individual deals are often hit or miss.

Mitch: The first deal was a bit confusing and I learned to simplify the offer by featuring only our most popular photo scanning service. The deal must be self-liquidating (profitable) and have a game-changing crazy low price. Return S/H must be included. I realized that reviews matter most, and our company scored 92% favorable reviews on the Groupon platform.

 

How much return business do you get from your daily deal customers?

Erica: We have a product which is a consumable, so we see high rates of repeat business from our daily deal customers. Most of our first time customers find us on a deal site (about 60%). Sometimes they repurchase through a deal site, and other times they come directly to our site. We do notice that these repeat deal customers tend to order multiple products when a product they have already tried (and presumably liked) hits a deal site again.

Jeremy: For us it’s not so much about the return customer as it is about the brand awareness. That being said, when you provide a quality product, it tends to stick out in consumers’ minds—especially today, where so many products online are cheap knockoffs of quality products.

Mitch: Nearly 60% of our customers from Groupon return. Our analytical tracking tools identify that the majority become our most loyal fans and best referral partners.

 

What advice would you give any service-related business curious about whether a daily deal site is right for them?

Erika: In the service industry, time is your most valuable resource. Make sure you aren’t under-selling yourself. The deal site does take a percentage of the sale, as well as expecting you to offer your service at a discount. As a company, we are still able to provide standout service while participating in deal sites. Nearly always, we’ve been able to put a handwritten “thanks” or other quick personal touch on invoices.

Jeremy: Make sure you’re set up to handle the logistics of running the deal. Are you really ready to ship and handle the customer service of selling 1,000 pieces of your product in three days when you normally only sell 20-30? There are some Groupon sellers who pretty much live at the office from November through Christmas, and these are veteran sellers.

Mitch: Every merchant must embrace, celebrate, and welcome daily deal customers. Dazzle them. Establish a concierge customer support team to help all and make sure every customer becomes a fan. Don’t lose money and try to make it up on volume. Make sure to over perform to win the customers back.

 

What questions should businesses ask of the daily deal sites they’re considering to ensure they’re getting the most exposure and “bang” for their advertising buck?

Erica: Here’s my list of questions every merchant should ask:

-What is the reach of the deal site? Meaning, how many emails go out each day to people.

-How can you have preferred placement on the deal site front page?

-What is the expectation for percentage off of your product or service?

-How much does the deal site collect?

-What are the payment terms? We’ve had everything from 48 hours to 90 days.

-What is the return policy? Does the site’s policy trump your company policy?

Jeremy: How will you be promoting my deal? Will you be selling a similar product at the same time and if so at what price? Getting listed on the deal sites is only half the battle; you still need to make sure you are getting top exposure from them via emails, alerts and top placement.

Mitch: Have the account manager help with structuring the deal. They know best from experience what works. Ask for help and recommendations on designing a game-changing, smart deal that’s a “win-win” for all.

 

What do these deal tech companies NOT tell you when you’re approached to do an offer on their site?

Erica: They don’t tell you the formula for getting preferential placement on the deal site page. Always ask.

As well, do your due diligence when you are considering working with a site. Are they reputable? We made a mistake of working with a deal site once that we had to send several emails to finally get paid for the deal. We misjudged the fact that they only seemed reputable. While we did get paid, our company didn’t want to be attached to those type of business practices, so we’ve discontinued our relationship.

Jeremy: How quickly you get paid. If you’re just starting out you may not realize that many of the big sites pay you net 60 or 90 days, and you’ll need cash flow to survive that. Speak to those with experience and ensure you know the terms of payment and everything else these companies put into the contract, as large companies know how to protect themselves in the event something goes wrong.

Mitch: They are up front with merchants and my years of experience with Groupon demonstrates they are working with you. Everything you need to know is available and often on their FAQ pages.

 

Strategic Funding provides needed operating funds to small businesses. Strategic Funding has helped business in hundreds of industries.  Industries served include: restaurants, personal services, construction, medical, manufacturing, agriculture, retail stores, automotive, and food stores.

About Us

Products

Contact Us