Tag: business email compromise

2.5 Billion Gmail users at risk after database leak exposes pertinent account information
It was recently revealed that Google’s Salesforce database was breached, exposing data for over 2.5 billion users at the time of reporting.

Initially it was being reported that the leak would primarily effect only their business users as the data found in Salesforce mostly pertains to those accounts. However that was quickly dispelled as Gmail users reported increased attacks against their accounts, with some users reporting they even received a call from alleged Google employees notifying them of the breach of their account.

We want to make it clear that no password data was leaked in this data breach (at least at the time of writing) instead the data is being used to increase the effectiveness of phishing attacks leveled at Gmail users. One example of the attacks that are occurring includes users being told to initiate an account reset wherein the bad actor intercepts the password and locks the original user out.

Another attack being initiated is what Google calls “dangling bucket takeover” where the attacker essentially has access to a link connected to the users Google storage and uses it to hijack their account. Google outlines the four ways you can protect against this kind of attack in the page linked.

While company based accounts might be the most prime targets – and this goes for phishing in general – that doesn’t mean individual users are safe. Spear phishing, a popular variant of phishing that involves researching and gaining access to user accounts outside of their prime target such as an employees close to the company lead, could be a motivator for the current rise in attacks related to this breach. They would then use those accounts to increase the legitimacy of phishing attempts leveled at the primary target (by sending messages as the compromised user).

It is paramount in 2025 that users practice good safety hygiene when it comes to their online data, especially in an age where the onslaught of data breach news can feel overwhelming and increase a sense of helplessness. Even though data breaches are not rare, users can still protect themselves in the following ways:
1. Enable Two-Factor Authentication (2FA)
- Turn on Google 2-Step Verification.
- Use an authenticator app (Google Authenticator, Authy, or similar) instead of SMS, since text messages can be intercepted.
- For even stronger protection, consider a hardware security key (e.g., YubiKey).
1. Use a Strong, Unique Password
- Avoid reusing passwords across multiple sites.
- Use a password manager (Bitwarden, 1Password, LastPass, etc.) to generate and store long, random passwords.
- Change your password immediately if you suspect any compromise.
1. Regularly Review Account Activity
- Check Gmail’s “Last account activity” (bottom right of inbox) for unusual logins.
- Review the Google Account Security page to see devices that have accessed your account.
- Remove old or unused devices and apps with account access.
1. Be Proactive Against Phishing
- Always verify the sender’s address before clicking links.
- Hover over links to confirm they point to legitimate Google domains.
- Turn on Gmail’s Enhanced Safe Browsing in account security settings for extra phishing protection.
Email remains the number one entry point for cyberattacks, from phishing scams to ransomware. At Valley Techlogic, we take a proactive approach to keeping your inbox safe. Our team helps businesses implement advanced spam filtering, real-time threat detection, and encryption to safeguard sensitive communications.

Beyond just tools, we provide continuous monitoring, security awareness training, and rapid response in the event of a breach. With Valley Techlogic as your partner, you can rest easy knowing your organization’s most critical communication channel is protected. Learn more today with a consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.
August 22, 2025
Received a weird text from your boss? You’re not alone, text scams are rising in popularity
You’re sitting at your desk when you receive a text on your phone, it’s allegedly from the CEO of your company. He may say this is his new number (or his personal number) and he’s reaching out to you by name, adding to the legitimacy of the text. If you respond, he’ll say he’s in an important meeting and he needs you to use your company card to buy gift cards as a gift for the attendants of the meeting.

If you do so, and he’ll be keeping in constant communication with you in spite of being in an “Important meeting”, he’ll say he doesn’t need the physical cards just the codes which you can find if you scratch off the back. He may thank you for being a team playing after providing the codes or stop responding altogether because unbeknownst to you, the scam has been successfully completed.

Why gift cards? Gift cards are untraceable and usually not refundable when purchased. The scammer will quickly move the funds off the gift card leaving you with the empty plastic remnants and no recourse. Other variations on this scam may request Cryptocurrency instead (such as a message sent pretending to be one of your friends or a family member) but scammers know this would throw up too many red flags in a workplace setting.

The request even that unusual, if you’re an executive assistant for instance you probably regularly make purchases at the request of your employer. Scammers may target the whole company if they’re unsure who the influencers to the decision maker are or they may target specific individuals.

How are they getting the information to make their requests see more legitimate? They find it in the following ways.
1. Your Company Website: Often times your website will have information about your key players on it, including contact information. While we don’t recommend excluding this information to prevent being a target (as it’s valuable to those you want to legitimately do business with) it’s a good idea to remember that it’s out there when you’re getting strange communications via text or email that may call you out by name.
2. Social Media: This may be your company social media pages or even your personal accounts. We recommend making your personal accounts private and not oversharing on social media in general.
3. Search Engines: Nothing beats a good old fashioned Google search, and the information that’s available about you online may shock you. Phone numbers, relatives names, addresses etc. can all be found online. While there’s no real way to prevent this, you can somewhat keep track of what’s been made available by creating Google Alerts for your name, email address, etc.
While text scams may never rise to the prevalence of BEC (Business Email Compromise) attacks – which are being sent out at the rate of 10 per 1000 inboxes per day – it still showcases the way scammers will strategically target you and your business.

If you are looking to beef up your cyber security protocols in 2024, including providing your employees training to prevent attacks like this one, Valley Techlogic can help.

Security training is included as part of your monthly plan with us, as well as 24/7 monitoring, data recovery and remediation, backup solutions and more. Get started with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 15, 2024
BEC Scams are becoming increasingly more common, and the payouts more lucrative
BEC or Business Email Compromise is a type of phishing scam where the target of the scam receives an email purporting to be someone they know, like a vendor they work with or a colleague. These scams are so common place that the Federal Bureau of Investigation even has a guide to protecting yourself from them.

We’ve even written before on how to spot a typical BEC email and a few ways to combat it, but we would like to circle back to this topic now as we creep into what is typically a very busy time for most business owners – the fourth quarter.

You may or may not be surprised to learn that BEC attacks rose in the fourth quarter last year and we’re not anticipating 2023 to be any different. 2022 even saw a rise in the ever popular “as-a-service” variant of attacks which means would be bad actors could enact their attacks with little actual effort on their part.

The technical know-how required for these attacks is also low, with some of them being as simple as just a variant on your normal phishing scheme but with the end goal being a direct payout rather than the user’s credentials or private information.

CISA (Cybersecurity and Infrastructure Security Agency) even reported on Russian state sponsored bad actors specifically targeting defense contractors using Microsoft 365 with their BEC schemes. Imitating Microsoft support is not a new scam, and like always you should be wary about any support person reaching out to you directly asking for your credentials, but the single-minded focus of this particular scam put government agencies like CISA and the FBI on red alert.

When we say these scams are becoming more lucrative, we definitely mean it, with it being estimated BEC victims lost 2.74 billion dollars in 2022 which was $300 million more than 2021. Like with most cyber attacks we anticipate they’ll continue to rise.

So how do you protect yourself from a Business Email Compromise scam in 2023?
1. Don’t overshare online. BEC is a social engineering scam, so the less information that’s readily available about you on the internet the less able a scammer is to pretend to be someone you know.
2. Forward emails instead of replying to them. As with normal phishing these scams are perpetrated over email. Forwarding emails forces you to type out the email address (thereby guaranteeing it goes to the right person). BEC attacks usually involve spoofing an email address or simply choosing a domain that’s similar to one you may be use to corresponding but having a slight misspelling or rewording.
3. In the same vein, check the sender’s email address before responding at all. You may be able to simply block the scammer when you discover they’re trying to imitate someone else by verifying the email address is incorrect.
4. Secure your own domain against domain spoofing. Many times, the attack is coming from “inside the house”. A very common BEC scam involves one of your employees receiving an email that looks like it’s from you or someone high up in your organization, except it’s not. Registering the domains you use for email will help protect against this very common variety of this scam.
5. Again, in the same vein as our last tip, use a domain that you’ve registered instead of a free email service. It might be tempting to keep using the Gmail address you’ve always used to avoid paying for a domain and email services, but it greatly increases your risk of a BEC attack being successful. Using a free email service allows attackers to create a new email with your name to then tell those you know you just “got a new email”. It would be very difficult to prove this is false without talking to you directly.
Many of the defense strategies against a BEC attack involve employee training. Attackers may not target you directly as the business owner when it’s easier to get to you (and your business) through a weaker link – often employees who don’t have the strategies available to avoid these kinds of scams.

Luckily, Valley Techlogic provides security training as part of our service packages. Below is a list of some of the training topics we cover for our clients:

Cyber security training is quick and is one of the easiest and most effective ways to have an overall safer environment for your business. Learn more about Cyber Security Training through Valley Techlogic as well as other the other cyber security services we offer today through a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 11, 2023
Business Email Compromise (BEC) and Phishing – How Do You Combat It?
Business email compromise (BEC) and phishing are not new ways to scam, as soon as email rose to popularity as a dominant form of communications scammers saw a lucrative window and took advantage.

Before we explain how to avoid it we should explain what Business Email Compromise (BEC) is. BEC is when a legitimate business is sent an email that looks like it’s coming from another legitimate business, but it’s not. It’s actually a scammer spoofing that email identity. This is the most popular form of phishing but it’s far from the only version. Scammers can even spoof your own domain, so an email looks like it’s coming from within your own organization.

How do you combat something so insidious? The top way is training, by training yourself and your employees properly on what to look for then you can avoid these scams which cost people located in the US $57 million last year.

Here are some of the things we look for when determining is an email is a phishing attempt.
1. It may contain a generic greeting such as “Hello sir or madam” or “Hi Dear” a company you do business with or a person you know would probably know your name.
2. The email mentions some kind of fraudulent activity on your account and has a link asking you to confirm your private details to unlock or otherwise reinstate your account. This is a VERY common scam.
3. The links in the email are NOT from the business the email is purporting to be when you hover over them.
4. The email may contain spelling errors and sentences that sound strange grammatically.
5. The logos in the email may be of a poor resolution because these scammers do not have access to the real company assets.
6. The email is coming from a CEO or President of a large organization and is asking you to wire money in exchange for a lump sum in return later. These emails may not have spelling errors or strange links but ask yourself – would any CEO or President of a large company be asking you to wire them money?
That last one is key, if all the obvious methods of detection fail you may have to rely on just asking yourself if the request in the email makes sense. If the email looks like it is coming from someone you know personally, reach out to them via phone or in person to ask about it. Most of the time, victims who have had their emails compromised or spoofed have no idea it’s even going on.

Beyond training on knowing what to look for in a phishing email these are our top 3 things to protect yourself from scams across the board.
1. Keep the software on your devices completely up to date.
2. Use Multi-factor or 2 Factor Authentication on your accounts.
3. Backup your data regularly so on the off chance something happens, you’re covered.
If you receive an email you suspect is a phishing attempt, the best thing to do is not respond to it and report it. You can report suspected phishing emails to the FTC here.

For businesses located in the Central Valley, we offer cyber security training as part of our managed service plans (which includes comprehensive training on how to avoid phishing attacks).

Looking for more to read? We suggest these tech articles from the last week.
This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!
September 30, 2020