Insights

At its heart, Business Email Compromise relies on the oldest trick in the con artist’s book: deception. And, business professionals continue to fall victim to their scam. Carried out by multinational criminal organizations that employ lawyers, linguists, hackers and social engineers, business email compromise targets employees with access to company finances and tricks them into transferring funds.

The request typically involves a wire transfer request but can also request an ACH or sensitive data like personnel files. The company employee thinks they sent the funds or information to a trusted partner. In reality, the money or information ends up in the fraudster’s hands.

Let’s review how this happens.  

Step 1: Identify a target 
Organized crime groups target a company by exploiting publicly available information that they find on company websites, industry news articles, nonprofit organizations, SEC filings. They may also purchase information through both legitimate sources such as industry databases or not so legitimate sources such as the dark web.    

Step 2: Grooming
Fraudsters use a variety of tactics to fool their targets. They may send targeted phishing emails and obtain more information or introduce malware. They may call and phish various individuals in the company. They invest a lot of time in gathering information about their target.  

Step 3:  Exchange of Information
Fraudsters gain access to an employee email account or that of a company you are working with such as a vendor, title company or attorney’s office.  

Here is an example.

EMAIL 1 - Tom from ABC company sends an email to Pamela asking about a legitimate invoice

EMAIL 2 - Pamela provides a responsible answer

One fraud tactic involves scammers posing as someone they aren’t. Here, the fraudsters impersonate Tom to target Pamela.

EMAIL 3 -  “Tom” requests a wire with “current” bank account information. Notice the extra “C” in ABC Company.  

Pam, thinking she is replying to Tom, responds directly to the fraudsters.

EMAIL 4 - Pamela responds to “Tom” that a wire has been processed.

EMAIL 5 - The real Tom asks about payment of invoice 8 days later. The fraud is uncovered, and the money is gone.  

How to respond to Business Email Compromise 

The best way to prevent loss is to verify email requests for money or information with the requester via phone or text, using a number that you have on file, not one supplied in an email. If that doesn’t happen and funds are sent, the FBI reports, only one third get any money back. The sooner the compromise is identified and reported to the bank, the more likely the chance of recovery. 

Should your company send a wire you determined to be fraud, perform the following steps: 

1. Immediately contact the bank and request a recall. This will likely require an indemnification agreement by an authorized signer on the account.
2. Engage a cyber security professional. Some of the things to consider are where was the point of compromise?  What is the network security status? Was the email spoofed or hacked?  
3. Change email and online banking passwords from a known safe network.  
4. Contact your local FBI office and report the crime and report the crime to www.ic3.gov
5. Finally, prepare to be targeted again. Review internal policies and processes. Work with your bank and cyber security professional to mitigate losses if targeted again. Fraudsters sometimes think if it worked once, it will work again.  

Thank you for watching, and for additional business related articles or videos visit oldnational.com.

---