Insights

INSIGHTS OVERVIEW

At its heart, Business Email Compromise relies on the oldest trick in the con artist’s book: deception. And, business professionals continue to fall victim to their scam. Carried out by multinational criminal organizations that employ lawyers, linguists, hackers and social engineers, business email compromise targets employees with access to company finances and tricks them into transferring funds.

The request typically involves a wire transfer request but can also request an ACH or sensitive data like personnel files. The company employee thinks they sent the funds or information to a trusted partner. In reality, the money or information ends up in the fraudster’s hands.

Let’s review how this happens.

Step 1: Identify a target
Organized crime groups target a company by exploiting publicly available information that they find on company websites, industry news articles, nonprofit organizations, SEC filings. They may also purchase information through both legitimate sources such as industry databases or not so legitimate sources such as the dark web.

Step 2: Grooming
Fraudsters use a variety of tactics to fool their targets. They may send targeted phishing emails and obtain more information or introduce malware. They may call and phish various individuals in the company. They invest a lot of time in gathering information about their target.

Step 3: Exchange of Information
Fraudsters gain access to an employee email account or that of a company you are working with such as a vendor, title company or attorney’s office.

Smart solutions for your business

When you're running a business, it's important to have a trusted financial partner – a team of experts who will listen and help you make informed decisions. Whether you're looking for expertise in financing future growth, processing payments, maximizing cash flow or another financial need, Old National is here to help.

Here is an example.

EMAIL 1 - Tom from ABC company sends an email to Pamela asking about a legitimate invoice

EMAIL 2 - Pamela provides a responsible answer

One fraud tactic involves scammers posing as someone they aren’t. Here, the fraudsters impersonate Tom to target Pamela.

EMAIL 3 - “Tom” requests a wire with “current” bank account information. Notice the extra “C” in ABC Company.

Pam, thinking she is replying to Tom, responds directly to the fraudsters.

EMAIL 4 - Pamela responds to “Tom” that a wire has been processed.

EMAIL 5 - The real Tom asks about payment of invoice 8 days later. The fraud is uncovered, and the money is gone.

How to respond to Business Email Compromise

The best way to prevent loss is to verify email requests for money or information with the requester via phone or text, using a number that you have on file, not one supplied in an email. If that doesn’t happen and funds are sent, the FBI reports, only one third get any money back. The sooner the compromise is identified and reported to the bank, the more likely the chance of recovery.

Should your company send a wire you determined to be fraud, perform the following steps:

Immediately contact the bank and request a recall. This will likely require an indemnification agreement by an authorized signer on the account.
Engage a cyber security professional. Some of the things to consider are where was the point of compromise? What is the network security status? Was the email spoofed or hacked?
Change email and online banking passwords from a known safe network.
Contact your local FBI office and report the crime and report the crime to www.ic3.gov
Finally, prepare to be targeted again. Review internal policies and processes. Work with your bank and cyber security professional to mitigate losses if targeted again. Fraudsters sometimes think if it worked once, it will work again.

Thank you for watching, and for additional business related articles or videos visit oldnational.com.

More ways to secure your information

Our online security center provides additional actions you can take to protect your company from financial fraud.

Copyright © 2022 ONB

This content is not intended to provide legal, tax, accounting, financial or investment advice or indicate the suitability of any product or service for your unique circumstances. You are encouraged to consult with a qualified legal, tax, accounting, financial or investment professional based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

OTHER RECENT POSTS

Buying Holiday Gifts Without Breaking the Budget

The holiday season is in full swing and you are probably trying to balance your desire to buy gifts for family with your aversion to lots of debt. I thought it would be useful to share some ways that I prepare for holiday expenses.

Countdown to the Holidays: Last-Minute Ideas for Small Business Owners to Boost Shopping Traffic

As you’re making (and remaking!) your promotional list and checking it twice, here are eight ways to boost traffic with shoppers, both in-store and online.

Championing DEI: a powerful differentiator for ONB

Championing diversity, equity and inclusion, within our company and in the communities we serve, is more than just an organizational priority for Old National. We also recognize that our stakeholders have increased expectations for transparency and accountability, and we are refining our strategy and frameworks to meet these expectations.

Ready to thrive and make a difference? Consider ONB!

Are you looking for an organization that is committed to helping you grow both personally and professionally? Do you dream of joining a company that empowers you to make a difference in your community? If so, Old National might be the ideal place for you to begin the next phase of your career journey.