Business email compromise is a prolific scheme, one that is ever evolving and non-discriminatory. The FBI indicates all types and sizes of businesses are targeted with Business Email Compromise. As fraudsters become more sophisticated, these scams continue to evolve. I’m going to explain what business email compromise is and how to protect your business from it.
Business Email Compromise, also known as BEC, is a sophisticated scam that targets businesses. It is carried out when a fraudster compromises a legitimate business email account. This can be done through social engineering or, oftentimes, by computer hacking. The fraudster's ultimate goal is to deceive someone within your organization and get them to transfer funds or provide sensitive data.
The FBI said that in 2017, over 15,000 business email compromise incidents occurred in the US, with losses totaling over $675 million. Only one-third of those funds were successfully returned; the rest was unrecovered and the businesses took a loss.
What can you do to protect yourself and your company?
There are cost-effective ways to protect yourself and your company without sacrificing efficiency in operations. The most effective way is to verify funds transfer requests or information sent to you by email. Use an alternate form of communication such as phone or text to contact the requester. It is important to use a known number and not a number provided in the email.
Is your bank a true partner?
In business, you want a financial partner with a company culture built on providing solutions that fit your best interest. A place where going the extra mile is business as usual. For nearly 185 years, Old National Bank has been your bank for business.
What are some red flags to watch out for?
Look out for any urgent or last-minute requests. Fraudsters try to get the target to act before they have time to think.
Some requests may try to have you contact a different phone number than the one you already know. They may also say they are unavailable by phone.
An uncharacteristic request for secrecy or confidentiality is a warning sign. The fraudster doesn't want the target to share the request because they might be warned of a scam.
Names used are formal, such as Robert, Christopher or James when your contact typically uses Bob, Chris or Jim.
Email addresses are misspelled. Look for signs of a letter being used for a number or vice-versa, such as an "L" being substituted for a "1" or a zero for the letter O. Look for extra or missing letters within the email address.
TIME OF DAY
Was the email sent during odd hours? Sometimes the time and date stamp on a fraudster's email is significantly different from what you would expect from the person believed to be sending it.
Pay attention to odd wording, such as the use of “kindly” in place of “please” or an improper use of prepositions.
DOES IT MAKE SENSE?
Imagine an email from a long-time Hong Kong-based vendor requesting their payment be directed, not to their normal Hong Kong bank, but instead to a bank located in the UK. Why would a Hong Kong company use a bank in the UK?
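One way to automate the misspelled-address red flag described above, shown as an added example that is not part of the original article: it compares a sender address against known contacts, folding the "1" for "L" and zero for "O" swaps and catching a single extra or missing letter. The contact list, sample addresses and function names are constructed for illustration.

```python
# Added example: flag sender addresses that imitate a known contact.
# KNOWN and every sample address below are constructed for illustration.
KNOWN = ("bill.cole@supplier.example",)

# Digit-for-letter swaps named in the article: "1" for "L", zero for "O".
SWAPS = str.maketrans({"1": "l", "0": "o"})

def skeleton(addr):
    """Lower-case the address and fold digit/letter swaps into one form."""
    return addr.strip().lower().translate(SWAPS)

def within_one_edit(a, b):
    """True if a and b differ by at most one added, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # at most one changed character
    return a[i:] == b[i + 1:]            # b has exactly one extra character

def check_sender(sender, known=KNOWN):
    """Return (verdict, known address it matches or imitates)."""
    s = sender.strip().lower()
    if s in known:
        return ("known", s)
    for k in known:
        if skeleton(s) == skeleton(k):
            return ("lookalike: digit/letter swap", k)
    for k in known:
        if within_one_edit(skeleton(s), skeleton(k)):
            return ("lookalike: one character off", k)
    return ("unknown", None)

if __name__ == "__main__":
    for addr in ("bill.cole@supplier.example", "bi11.c0le@supplier.example",
                 "bill.cole@suppplier.example", "bill.cole@suplier.example",
                 "jane.doe@other.example"):
        print(addr, "->", check_sender(addr))
```

A "known" verdict only means the address matches a contact on file; a request from a compromised legitimate account would still pass, so verifying funds transfer requests over a known phone number remains necessary.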
To safeguard your organization, ensure associates are aware of this scam and review policies to require verification of email requests for funds transfer. Simply being aware of this scam and verifying requests for funds transfer will go a long way to protect your organization from loss associated with Business Email Compromise.
Copyright © 2018 ONB