BEC Scams – How to Recognize and Avoid Them

One of the latest and most devastating scams facing businesses today is known as a “business email compromise” scam, or BEC. Unlike the old Nigerian Prince scams of years past, these schemes are sophisticated and so well done that they are taking smart business people for hundreds of thousands of dollars. In fact, one Texas school district recently lost $2.3 million in a BEC scheme. Never heard of a BEC? We have all the information to keep your business safe.

What is a BEC? According to cybersecurity experts Trend Micro, the scams used to be known as Man-in-the-Email scams. Trend Micro reports, “BEC scams often begin with an attacker compromising a business executive’s email account or any publicly listed email. This is usually done using keylogger malware or phishing methods, where attackers create a domain that’s similar to the company they’re targeting, or a spoofed email that tricks the target into providing account details.”

The schemes have a few variants, but AARP describes one that is popular with criminals: “An employee with access to company accounts receives an urgent email request, ostensibly from a top executive, to wire a large sum of money for what sounds like a legitimate purpose, such as an acquisition or vendor payment. The message includes routing data for a bank account that’s actually controlled by the fraudsters, often at a foreign bank. In a variation on this scam, the email supposedly comes from a vendor seeking a change in its payment account.”

You might wonder who’s falling for the scams. A lot of people. Think about it. You get an email from your boss’s account that tells you to make a payment to a company you’ve done business with before. It might be worded “I’ve just gotten off the phone with them. We’ve missed a payment, please do this ASAP. Here’s their account info.” It’s much more believable and raises fewer red flags than being offered millions of dollars for helping a foreign “prince”. These are sophisticated schemes and smart business people are falling for them.

The FBI tells of a case that “illustrates how the BEC scheme works: Beginning in 2015, two men working remotely from the United Kingdom and Nigeria sent emails to an executive at a Connecticut-based company appearing to be from the company’s CEO, who was also located overseas. The purported CEO was requesting a wire transfer of funds. The email looked legitimate, so the company’s controller sent multiple wire transfers totaling more than $500,000. But as it turns out, the CEO’s email account had been spoofed—and the money went straight into accounts managed by the criminals.”

How big of a threat are these schemes? Even though these types of criminal enterprises are fairly new (the FBI only began tracking them in 2013), the dollar amounts are mind-boggling. Since 2013, the FBI says losses in the U.S. are more than $10 billion. The FBI notes that “Criminal organizations that perpetrate BEC schemes don’t just target companies. They also exploit individual victims—such as real estate purchasers or the elderly—by convincing them to make wire transfers to bank accounts controlled by the criminals. The scam can also involve requests to purchase gift cards and send the serial numbers or to mail a check, but the request will always appear to come from someone known to or trusted by the victim.”

Here are steps to take to avoid having your company fall victim to these crimes. One big step is educating your employees, who may never have heard of this type of crime. FBI Special Agent Jennifer Boyer advises employees to “Take a moment to consider that maybe it’s not your boss and pick up the phone and verify. It’s that second-factor authentication that people really need to implement, and so many people don’t.” The FBI recommends:

  • Use two-factor authentication to verify any change to account information or wire instructions.
  • Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Don’t supply login credentials or personal information in response to a text or email.
  • Regularly monitor financial accounts.
  • Keep all software and systems up to date.
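
The advice to check the full email address can be partly automated at the mail gateway or in a triage script. The following is an added example, not part of the original article or of FBI guidance: it flags sender domains within two character edits of a trusted domain and Reply-To addresses that point somewhere other than the sender's domain. The trusted-domain list, the threshold and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: your own domain plus known vendor domains (constructed values).
TRUSTED_DOMAINS = {"acme-corp.example", "vendor-supplies.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Extract the lower-cased domain from an address header, ignoring the display name."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def review_message(raw):
    """Return a list of warnings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg["From"])
    if from_dom not in TRUSTED_DOMAINS:
        near = [t for t in sorted(TRUSTED_DOMAINS) if edit_distance(from_dom, t) <= 2]
        if near:
            warnings.append(f"lookalike sender domain: {from_dom} resembles {near[0]}")
        else:
            warnings.append(f"unknown sender domain: {from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return warnings

# Constructed sample messages for demonstration only.
SAMPLE_LOOKALIKE = "From: Pat Lee <pat.lee@acme-c0rp.example>\nSubject: Urgent wire\n\nPlease pay today."
SAMPLE_REPLY_TO = ("From: Pat Lee <pat.lee@acme-corp.example>\n"
                   "Reply-To: pat.lee@freemail.example\nSubject: New bank details\n\nSee attached.")
SAMPLE_CLEAN = "From: Pat Lee <pat.lee@acme-corp.example>\nSubject: Lunch\n\nNoon?"

if __name__ == "__main__":
    for name, raw in [("lookalike", SAMPLE_LOOKALIKE), ("reply-to", SAMPLE_REPLY_TO), ("clean", SAMPLE_CLEAN)]:
        print(name, review_message(raw))
```

A clean result here does not replace the phone call: a message sent from a genuinely compromised mailbox passes both checks.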

As a small business owner, you have a lot on your plate, including keeping your company safe from criminals. If you need help with time-consuming everyday tasks so you can work on the big issues facing your company, we can help. Reach out to us and find out what we can do for you.