Business Email Compromise: The 5 Billion Dollar Scam
02 Mar
According to the FBI’s Internet Crime Complaint Center (IC3), Business Email Compromise (BEC) schemes have caused at least $5.3 billion in total losses over the past three years to approximately 24,000 organizations around the world. The average loss per victim is about $218,000. Companies of all sizes and types are targeted, leaving a long wake of financial and emotional damage.
Scammers go to great lengths to research and target employees who work with company finances. They often send emails posing as the company CEO and instruct their target to make funds transfers. There are many versions of this scam, including sending a bogus invoice and compromising an employee’s email account to gain more information, which is why it’s important to understand how BEC works and to know where your vulnerabilities lie.
As devastating as this crime is, avoiding exploitation is equally straightforward:
- Carefully scrutinize all emails. Be wary of irregular emails sent by high-level executives. They can be used to trick employees into acting with urgency. Review and verify emails that request funds transfers.
- Raise employee awareness. Educate employees about cybercrime and how they can help protect the company. Review company policies and encourage employees to develop good security habits.
- Verify any changes in vendor payment location by using a secondary sign-off by company personnel.
- Stay updated on customers’ habits, including the details of, and reasons behind, payments.
- Verify requests. Confirm requests for funds transfers by using phone verification as part of two-factor authentication. Use previously known phone numbers, not the phone numbers provided in the email.
- Report any incident immediately to law enforcement or file a complaint with the IC3.
A complete list of self-protection strategies is available on the U.S. Department of Justice website.
If you or your company have been victimized by a BEC scam, it’s important to act quickly. Contact your financial institution immediately and request that they issue a “SWIFT recall of the transfer.” For domestic transfers, ask your financial institution to send a “hold harmless” letter to the beneficiary bank. Always file a complaint with IC3, whether the attack has been successful or not.