Business Email Compromise continues to be the biggest threat to our financial system. It is one of the most financially damaging online crimes, exploiting the fact that so many of us rely on email to conduct business – both personal and professional.
In a BEC Scam, criminals send an email message that appears to come from a known source making it look like a legitimate payment request.
For example:
- Have you received an email request from the CEO or the Owner to send a payment today… maybe they aren‘t unable to speak to you on the phone?
- Or an email request from your vendor or supplier about a late payment.
- maybe an email request to change payment method from checks to electronic with the bank information included.
A scammer may spoof an email account or weblink… so you must stay alert. They may use malware preinstalled from a previous incident and wait until the right time to request a payment.
But the biggest threat we have seen is your trusted vendor, who is also a victim of a BEC scam. This time you are the target of a sophisticated attempt to use a previous email chain with a reply message that includes new payment instructions. The email appears to be legitimate; the website directs you to your trusted partner site and the contact information is the same, but are you really communicating with the right person?
Here are some helpful tips to mitigate a financial loss due to Business Email Compromise:
- Train your employees against email threats.
- Implement company policies for changes to vendor payment options, contact information & bank account updates.
- Implement controls such as dual control & two-factor authentication when processing electronic payments.
- Add special messaging indicating the email is from an external source.
- And finally, simply pick up the phone to verbally confirm the request to ensure you are speaking with the correct party.
These are just a few tips on what you can do to ensure the payment request is legitimate.
Remember payments are moving faster and faster with each advancement in technology, so we must remain vigilant against acting on just email or text communication…. again… pick up the phone and speak to someone. Preventing a fraud attempt is worth the call!