Many business owners have never heard of Business Email Compromise (BEC), but it's a growing threat in the world of fraud. It can start as a simple email with new or different payment instructions for an expected invoice. But the person behind the email is a fraudster, posing as someone you know and trust, like a vendor or executive, ready to divert the payment from where you intended it to go.
Companies large and small are falling victim to BEC, with the latest survey from the Association for Finance Professionals showing that 82 percent of companies were targets of payments fraud last year. The percentage of BEC fraud has increased from 64 percent in 2014 to 80 percent in 2018 [1].
The fraudsters behind BEC rely on familiarity and trust. They hack email systems, monitor the traffic, and then when the time is right, falsely personalize the situation to make you, or a colleague, want to help them — like changing an account number for a payment.
BEC can be difficult to detect because the transactions are consistent with regular payments and made by authorized personnel. However, there are key steps businesses of all sizes can take to help reduce the risk of BEC.
- Always verify payment requests and changes to payment instructions. If you receive a request to change payment details such as account or invoice information, always make sure the request is authentic. Verify the request using a different method of contact. For example, if the vendor contacts you by email, confirm the information by phone. Be sure to use the contact information you have on file, not the information in the request, as that may be fraudulent as well.
- Implement Dual Custody. Dual custody is one of the most effective deterrents against fraud, and it’s free and easy to implement. It requires two users on different devices to initiate and approve payments, providing a second chance to spot fraud from both internal and external sources before it ever occurs. Both the payment initiator and approver must pay close attention to payment details.
- Monitor Accounts. Always reconcile bank accounts daily. Imposter fraud may go unnoticed for up to 30 days so it’s important to pay close attention to your account activity. It also enables you to detect anything out of the ordinary.
- Educate Employees and Vendors. They are all targets of BEC too so it’s important to train them to recognize fraud. Instruct them to always verify new payment requests or account changes, even from executives. Define and implement a process to communicate and verify payment and account changes both internally and externally.
- Be Aware of Other Warning Flags. Fraudsters are finding new ways and situations to change the BEC landscape to potentially compromise payments. Here are other scenarios to be on the lookout for as you look to protect your business:
  - If you have sent a payment to a vendor and they later contact you asking about the status, immediately call the vendor to confirm the account instruction.
  - If a payment to a new account is returned, this could be a warning sign that the account information is fraudulent. Again, always call the requestor with the phone number on file, not in the request, to verbally verify the account information.
Companies large and small need to stay up-to-date on the threat landscape and strengthen their defenses against the potential threats of fraud in emails and the risks that could impact their company and its partners. Through proper awareness, process implementation, and education with key parties, you can help safeguard your business.
[1] 2019 Association for Finance Professionals Fraud & Control Survey