The Federal Bureau of Investigation (FBI) recently released a warning to businesses about the rise in business email compromise (BEC) scams and how to protect against them. Unlike many other scams, BEC specifically targets businesses, and the people within them, who are involved in business transactions.
The aim is usually to obtain sensitive information from individuals who are about to carry out a legitimate transfer of funds, then trick them into wiring the money to an account the scammer controls. In the last 10 years alone, BEC scams have accounted for more than $55.5 billion in reported and attempted losses, according to FBI figures. In this article, you'll learn how to identify the common red flags of BEC and how to protect your business from these scams.
How Do BEC Scams Work?
Like most scams, business email compromise starts with social engineering: phishing emails aimed at the targeted account in order to harvest its credentials. Scammers can also get in by compromising the target's computer or by reusing credentials stolen elsewhere.
Once they have access to the account, the next step is to unearth information that can be used in the scam. Common techniques at this stage include silently monitoring the account's communications, hijacking existing message threads and taking over the conversation, and copying the account holder's writing style so the eventual fraudulent message looks authentic.
Once this is done, the impersonation is complete. The scammer emails the people responsible for paying out funds and tries to lure them into sending money to an account the scammer controls. Most commonly the scammer poses as the CEO or another member of the C-suite and instructs the finance team to make an urgent wire transfer.
Scammers sometimes use domestic accounts, but most receiving accounts are held at international banks, often in the UK, Mexico, China, Hong Kong and the UAE. As soon as the transfer lands, the funds are moved on to other financial institutions. Unless the scam is identified almost immediately, while the bank can still attempt a recall, the money is usually unrecoverable.
Common BEC Red Flags To Identify
These are some of the red flags for BEC you should be on the lookout for:
Unexpected Requests
Unsolicited requests for urgent payments or transfers, especially when they come from unfamiliar email addresses or do not follow the usual communication patterns, should be treated with suspicion.
Clever Changes in Email Addresses
Always verify the sender's actual email address, not just the display name, before making any transfer. BEC scammers often register domains that differ from the genuine one by a single character: a transposed pair of letters, "rn" in place of "m", a digit "1" in place of "l", or the same name under a different top-level domain. These variations are easy to miss unless the address is checked deliberately, and a mail client that shows only the display name hides them entirely.
Unusual Payment Methods
If a payment request involves a channel or destination that deviates from the norm for that counterparty, for example a sudden switch to a new bank account, a wire transfer where a different method is usual, or a demand for cryptocurrency, carry out further verification before paying.
Poor Grammar and Spelling
This is not a definitive sign, but grammatical or spelling errors in a message that should be routine business correspondence can indicate fraud, since some BEC scammers are not fluent in the language or the professional register the transaction requires. Do not rely on it, though: a scammer who has been reading the compromised mailbox can copy the account holder's tone and phrasing closely.
Urgent Requests
Genuine requests leave sufficient time for verification. An email that demands immediate action without explanation, or that discourages you from confirming the request through the usual channels, should put you on your guard immediately.
The Bottom Line
To protect your business from BEC scammers, implement multi-factor authentication to add an extra layer of security to your email accounts; train your employees in basic cyber security and in recognising the red flags above; verify every payment or bank-detail change through a separate channel, such as a phone call to a number already on file (never one taken from the email itself) or an in-person conversation; keep your software up to date; and stay vigilant. With these measures in place, you can substantially reduce the risk of falling for a business email compromise scam.