Be on the Lookout for Business Email Compromise Scams
If you receive an urgent email from your boss, your reaction would probably be to respond as quickly as possible. Now imagine that the completion of a critical deal or business arrangement hinges upon fulfilling a specific request from your boss. You need to reply and get it done ASAP, right? Not so fast.
Hackers have been using our natural knee-jerk reactions to these types of emails to scam businesses out of billions of dollars. This kind of scam is referred to as Business Email Compromise (BEC) and it’s been around since at least 2015 when Ubiquiti Networks lost $46.7 million. BEC has been on the rise since 2016 when the FBI disclosed 12,000 separate incidents. In just January through May of 2019, the U.S. had 10,600 complaints about BEC scams.
Business Email Compromise is a form of social engineering in which hackers prey upon our natural instincts to act and respond to authority. In many cases, the emails are crafted by ‘spoofing’ the email addresses of business management or someone known to the receiver of the email. This type of cybercrime has tripled in the last three years and has become one of the most pervasive forms of business fraud, despite major arrests of perpetrators all over the world.
The FBI says BCE emails can be broken down into six different types of messages:
- The CEO or other executive directing an employee to wire money to them
- A client or vendor changing a bank account for a payment invoice
- Upper management or HR requesting sensitive personal tax information from an employee
- A realtor or title company directing funds from the sale of real estate into a new account
- An employee changing their bank account for direct deposit
- A manager or someone known to the receiver of an email requesting a gift card on the sender’s behalf
Business Email Compromise messages come in a wide variety of forms. They are often brief, urgent emails asking you to bypass normal policies and procedures. Some of the more sophisticated messages could be specific to news of the day or even to your private inbox conversations. As always, you must be vigilant and give all emails a second and third look before you open them or take any action to respond.
Here are some other important tips for preventing BEC fraud:
- Check with an executive by phone or in person to verify a request to send money, provide personnel records, or fulfill any other unusual request.
- Verbally confirm emailed instructions from a vendor or supplier to change payment methods or bank information. Call them on a known contact number.
- Carefully check a sender’s email address. Scammers may slightly vary a genuine address by adding a letter or changing punctuation to make it seem legitimate at a quick glance.
- Be suspicious if anemail from an executive or employee comes from a Gmail, Yahoo or other personal account rather than an organizational account.
- Train your staff on the BEC threat and how to spot spoofed and spear-phishing emails.