Sports team nearly paid a $1.25m transfer fee… to cybercrooks
Apparently, one of the UK's top football clubs - the report doesn't say which one - almost paid out £1m to crooks after a genuine-looking but fraudulent email convinced the club to nominate a new account to receive the funds.
The basic idea behind BEC crime is surprisingly simple: get hold of the email password of someone of importance in the organisation, read all their email before they do, learn how they operate, find out what the company is up to and learn when big payments are coming up, in or out.
If a crook is inside your email, remember that they can not only send emails in your name, they can also: delete those emails from your outbox so you don't even see they were sent; intercept and remove or modify any replies from colleagues who become suspicious and ask questions; mollify others in the company who are trying to raise the alarm; and threaten those who try to get in the way.
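A message that is deleted from the Sent folder moments after it goes out is one trace this behaviour leaves in mailbox audit logs. The following is an added example, not part of the original article, that flags such messages; the log schema, field names and sample records are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit records. The schema (ts, user, op, msg_id, folder)
# is hypothetical and does not match any specific mail product's export.
SAMPLE_LOG = """\
{"ts": "2020-07-20T08:00:00", "user": "finance.director", "op": "Send", "msg_id": "m-103", "folder": "Sent"}
{"ts": "2020-07-20T09:00:05", "user": "finance.director", "op": "Send", "msg_id": "m-101", "folder": "Sent"}
{"ts": "2020-07-20T09:00:47", "user": "finance.director", "op": "HardDelete", "msg_id": "m-101", "folder": "Sent"}
{"ts": "2020-07-20T09:15:00", "user": "club.secretary", "op": "Send", "msg_id": "m-102", "folder": "Sent"}
{"ts": "2020-07-20T09:20:00", "user": "finance.director", "op": "HardDelete", "msg_id": "m-200", "folder": "Inbox"}
{"ts": "2020-07-20T16:30:00", "user": "finance.director", "op": "SoftDelete", "msg_id": "m-103", "folder": "Sent"}
"""

DELETE_OPS = {"SoftDelete", "HardDelete"}


def parse(text):
    """Parse one JSON record per line and convert timestamps to datetime."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def sent_then_deleted(events, window=timedelta(minutes=10)):
    """Return (user, msg_id, gap_seconds) for mail removed from Sent soon after sending."""
    sent_at = {}
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["msg_id"])
        if ev["op"] == "Send":
            sent_at[key] = ev["ts"]
        elif ev["op"] in DELETE_OPS and ev["folder"] == "Sent" and key in sent_at:
            gap = ev["ts"] - sent_at[key]
            # Routine tidying hours later is ignored; only quick removal is flagged.
            if gap <= window:
                hits.append((ev["user"], ev["msg_id"], int(gap.total_seconds())))
    return hits


if __name__ == "__main__":
    for user, msg_id, gap in sent_then_deleted(parse(SAMPLE_LOG)):
        print(f"review: {user} deleted sent message {msg_id} after {gap}s")
```

A hit is a prompt to review the account's recent sign-ins and the message itself, not proof of compromise, since some users do tidy their Sent folder quickly.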
Turn on two-factor authentication so that a password alone is not enough to access your accounts, especially email.
As carpenters like to say, "Measure twice, cut once." If you want to check details with another company based on an email, especially when money is involved, never rely on contact data provided in the email.