Business email compromise
There’s a new favorite scam amongst fraudsters. It’s called business email compromise—or BEC. It’s the online payment scam of choice, and it’s growing fast. In fact, 80% of customers surveyed have experienced a BEC incident.
With BEC, a scammer compromises a legitimate business email account and uses it to trick you into handing over your money.
2018 saw a record number of companies targeted by BEC scams, with over half of those companies suffering financial loss as a result.
Between 2013 and 2018, global financial losses from BEC fraud totaled $12.5 Billion. Unfortunately, that number only promises to rise.
Wire transfers and ACH credits are the most common types of BEC fraud, with check payments a distant third. This is significant. The shift from checks to ACH credits means scammers are hacking into company systems and taking over the accounts.
Fraudsters are becoming much more sophisticated. Some pose as senior executives using spoofed email addresses or hacked Outlook accounts. Others as HR departments, directing employees to sign in using links. They impersonate vendors using authentic invoices as bait, as well as third parties, with requests for changes to bank accounts or instructions.
To protect your company, here are the four key actions you should take to help defend against BEC fraud.
One. Use a different contact method to confirm any changes or requests. If the request comes by email, call the vendor on the phone to verbally verify payment requests or to change account information.
Two. Always use the vendor or customer contact information you have on file to verify requests. Never use phone numbers or account numbers contained in an email. They could be falsified.
Three. Use dual custody when making account number or payment instruction changes in the vendor management or maintenance process. The person initiating must verify the changes, while the one approving must conduct their own independent verification.
And four. Scrutinize emails. They can be ever so slightly altered to disguise a fraud attack.
Stay vigilant. Scammers are upping their game, and you need to do the same.
Remember, following these four actions will help keep fraudsters frustrated, and your money where it belongs.
1. 2019 AFP Payments Fraud and Control Report Summary
2. The Federal Bureau of Investigation