Education is The Strongest Line of Defense

Business Email Compromise and Education

This month at Pendello we have been focusing on Business Email Compromise as the risk is definitely on the rise. If you remember, Business Email Compromise (BEC) is when an organized crime group gains access to your email through deception with the use of spear-phishing, identity theft, email spoofing, malware, and social engineering. In the past two weeks’ blogs, we introduced BECs and the different types of attack attempts. This week we are delving into how to recognize attack attempts. As 93% of all investigated data breaches can be traced back to a specific employee, we at Pendello Solutions know that end-user education is your best defense. So this month Pendello is bringing you some guidelines to look for when dealing with your day to day communications.


  • Trust your gut.
    • If it seems odd, it most likely is. If an email comes across and the wording or request seems out of character, always verify. Also, Microsoft and other software providers will not ask for your login information.


  • If it seems too good to be true, it probably is…
    • Your great uncle whom you’ve never heard of isn’t going to leave you his estate. Although it may seem like the story you’ve been waiting your whole life to receive, that’s precisely what they want you to feed in to.


  • If there is a sense of urgency, verify before you act.
    • Remember, the SEC recomends dual verification before any transaction can be completed. Meaning, an email and a phone call should occur before a financial transaction can be verified and completed.


  • If there are grammatical errors, investigate.
    • Very commonly in a phishing email, there will be grammatical errors. Always remember to check the email address in addition to the contact. Also, hover over any link to verify the actual URL.


According to the FBI, in 2018, BEC scams cost businesses over $12 billion; so always be aware and be smart. Don’t ever hesitate to reach out to our Pendello Solutions team of business technology associates to investigate any suspicious communications. Nothing is ever too urgent to risk putting your company in extreme financial hardship.