The E-mail That Almost Took Down Alex’s Non-Profit
Alex’s non-profit was thriving. The team had secured new funding, streamlined operations, and strengthened cybersecurity after tax season. Everything seemed to be running smoothly until the finance manager rushed into the office one morning.
“Did you approve this wire transfer?”
The e-mail had come from Alex’s account, requesting a $12,000 transfer to a vendor. It was perfectly written, used the right internal phrasing, and even referenced a recent project.
The only problem? Alex never sent it.
This was a classic Business E-mail Compromise (BEC) attack—one of the fastest-growing cyber threats. Hackers had gained access to Alex’s e-mail and nearly tricked the team into wiring money straight to them.
Sound extreme? It’s not. BEC scams accounted for $6.7 billion in global losses in 2023, and they’re getting worse. This is the fourth and final article in our series about Alex, a fictional non-profit leader who helps veterans with medical and housing needs in Portland, Oregon.
What Is a Business E-mail Compromise (BEC) Attack?
Unlike generic phishing scams that cast a wide net, BEC attacks are highly targeted. Hackers infiltrate or spoof a trusted e-mail account and manipulate employees into sending money, sharing sensitive data, or revealing login credentials.
🔹 They don’t need malware. Instead, they use trust and urgency to trick victims.
🔹 They often impersonate executives, vendors, or partners to make requests seem legitimate.
🔹 They are incredibly effective. The average BEC attack results in $137,000 in losses per incident, and recovering stolen funds is nearly impossible.
With AI-driven cybercrime on the rise, these scams are becoming even harder to spot. Attacks increased by 42% in 2024 alone.
Alex’s organization was lucky: the team caught the fraudulent request in time. But Alex knew that next time, the outcome might not be as fortunate. Determined to prevent future threats, they took action.
The Four BEC Scams Every Organization Must Watch For
After working with the IT provider, Alex learned that BEC scams take many forms. Here are the top four that businesses and non-profits need to watch out for:
- Fake Invoice Scams – Hackers impersonate vendors and send realistic-looking invoices requesting urgent payment.
- CEO Fraud – Attackers pose as high-level executives, pressuring employees to send money or sensitive data.
- Compromised E-mail Accounts – Instead of spoofing an address, criminals hack into a real account and send fraudulent messages from it.
- Vendor Impersonation – Attackers pose as trusted third-party vendors, making fake requests that seem routine.
Alex’s organization had only barely avoided becoming a victim, and Alex wasn’t going to risk it happening again.
How Alex Stopped BEC Attacks Before They Could Strike Again
Alex worked with the IT team to put five critical protections in place. Here’s how you can do the same:
1. Train Your Team Like It’s Game Day
Alex made sure the staff knew how to spot phishing and BEC scams:
✔ Verify all financial requests, especially urgent ones.
✔ Never rely on e-mail alone—double-check requests over the phone.
✔ Be skeptical of sudden account changes or new payment instructions.
Hackers count on employees not questioning these requests. Training eliminates that risk.
2. Enforce Multifactor Authentication (MFA) on All Accounts
Hackers got into Alex’s e-mail because the organization wasn’t using MFA. The team quickly enabled it on:
🔹 E-mail accounts
🔹 Financial platforms
🔹 Any software storing sensitive data
Now, even if a hacker steals a password, the password alone is not enough to get in.
💡 Pro Tip: If your business isn’t using MFA, you’re one stolen password away from disaster.
3. Regularly Test & Restore Backups
The non-profit could have lost everything if a hacker wiped or encrypted Alex’s files.
Their IT provider now:
✔ Performs regular backup tests to ensure data can be restored.
✔ Stores backups securely, so they can’t be accessed by hackers.
A backup that doesn’t work when you need it is just as bad as no backup at all.
4. Get Serious About E-mail Security
Alex upgraded their e-mail security to:
✔ Automatically flag suspicious messages with unusual sender behavior.
✔ Block malicious links and attachments.
✔ Restrict access to sensitive information on a need-to-know basis.
💡 Pro Tip: Hackers thrive on e-mail vulnerabilities. Strong filters and security policies keep them out.
5. Verify Financial Transactions … Every. Single. Time.
Going forward, Alex’s team never processes financial requests without verifying them via a second method (such as a phone call).
✔ Unexpected invoice? … Call the vendor.
✔ New payment instructions? … Confirm with leadership.
✔ Urgent request from an executive? … Double-check before acting.
This one extra step prevented the next BEC attack before it even happened.
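The flagging described in step 4 and the verification rule in step 5 can be sketched together; this is an added example, not code from the article or from any e-mail product. The domain `example.org`, the display name "Alex Example", the keyword list, and the flag names are assumptions, and both messages are constructed samples. The second sample comes from the real, compromised mailbox, so every header check passes and only the phone-verification rule catches it.

```python
import email
from email.utils import parseaddr

# Assumed values for this sketch: org domain, executive display names, payment keywords.
ORG_DOMAIN = "example.org"
EXEC_NAMES = {"alex example"}
PAYMENT_TERMS = ("wire transfer", "invoice", "payment instructions", "bank details")

def bec_flags(raw_message):
    """Return the reasons a message should be held before anyone acts on it."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    flags = []
    # Spoofing: an executive's display name on an address outside the organization.
    if name.lower() in EXEC_NAMES and from_domain != ORG_DOMAIN:
        flags.append("exec-name-external-address")
    # Replies silently diverted to a different domain than the sender's.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-mismatch")
    # The receiving mail server recorded a DMARC failure for the From domain.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        flags.append("dmarc-fail")
    # Content rule: any payment request is confirmed by phone, whatever the headers say.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in PAYMENT_TERMS):
        flags.append("verify-by-phone")
    return flags

# Constructed samples: SPOOFED uses a look-alike domain; COMPROMISED is the real mailbox.
SPOOFED = """\
From: "Alex Example" <alex@examp1e-org.invalid>
Reply-To: payments@mailbox.invalid
Subject: Urgent vendor payment
Authentication-Results: mx.example.org; dmarc=fail header.from=examp1e-org.invalid

Please send the $12,000 wire transfer to the vendor today.
"""
COMPROMISED = """\
From: "Alex Example" <alex@example.org>
Subject: Vendor payment
Authentication-Results: mx.example.org; dmarc=pass header.from=example.org

Please send the $12,000 wire transfer to the vendor today.
"""

print({"spoofed": bec_flags(SPOOFED), "compromised": bec_flags(COMPROMISED)})
```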
BEC Scams Are Evolving. Will Your Business Be Ready?
Alex’s organization almost became part of the $6.7 billion BEC crisis. They are not taking chances anymore.
If your business or non-profit isn’t actively protecting against BEC scams, you’re at risk.
Want to make sure your cybersecurity is strong enough to stop hackers?
👉 Start with a FREE Network Assessment. https://www.10dtech.com/security/
✔ Identify weak points in your security.
✔ Implement protections against BEC scams.
✔ Ensure your systems are ready for evolving cyber threats.
Don’t wait until it’s too late. Stop BEC scams before they stop your business.
That’s a Wrap!
This marks the end of our 4-part series following Alex’s journey to secure the organization and eliminate costly IT problems.
If you missed any of the previous weeks, check them out here:
📌 Week 1: IT Spring Refresh: How Non-Profit Leaders Can Optimize Security & Efficiency
📌 Week 2: Tax Season Cyber Scams: How to Protect Your Organization from Hackers
📌 Week 3: Tech Troubles No More: Eliminating Costly IT Headaches for Good
Want more cybersecurity insights? Stay tuned for future articles and make sure your business is protected today!