Beware of Business Email Compromise (BEC) Scams Disguised as File-Sharing Requests
Cybercriminals are getting more creative every day. And one of their favorite tricks right now is a business email compromise (BEC) attack. This is when hackers gain access to a legitimate business email account and use it to send out malicious messages. Because these emails come from real, trusted accounts, they can be difficult to spot.
How the Scam Works
You might receive an email that looks perfectly normal—a message from a vendor, colleague, or client that says, “Here’s the file we discussed,” with an attached PDF or a link to view the document. The message even comes from a genuine business email address, so everything looks legitimate.
But once you open the “document,” you’re redirected to what appears to be a secure login page. Sometimes, you’ll even be asked to complete a “security verification” before signing in, providing another layer of deception meant to build your trust. Unfortunately, if you enter your username and password, you’ve just handed your credentials directly to the attackers.
A Real-World Example
Imagine this: a company’s accounting department receives an email from what appears to be their vendor’s billing manager. The email includes a PDF labeled Invoice_1032.pdf. When the recipient opens it, the file launches a login page asking them to verify their Microsoft 365 credentials. Thinking it’s a normal security step, the employee logs in, unaware that the credentials are being sent straight to a cybercriminal who can now access the company’s entire email system.
From there, the attacker can impersonate others within the organization, request payments, send more fake invoices, and spread the scam even further.
How to Protect Yourself
- Be suspicious of attachments or links that open in your browser. If clicking an attachment or file takes you to a login page, stop immediately. It’s likely a phishing attempt.
- Don’t be fooled by “security checks.” Cybercriminals often add fake verification steps to make their pages look legitimate.
- Confirm unexpected requests directly. If a vendor, coworker, or manager sends an unusual file or payment request, verify it using a known contact method, and never by replying to the email.
- Stay alert, even with trusted sources. A real email address can still be compromised. Always think twice before opening attachments or entering credentials.
At Citynet, we help businesses strengthen their defenses with cybersecurity awareness training, multi-factor authentication, and continuous monitoring. Protecting your team from these evolving scams starts with awareness, and a partner who understands how to keep your organization safe.
Learn more. Call us at 800.881.2638 to schedule a free consultation!
