How to Avoid Business Email Compromise
Private citizens aren’t the only targets of identity theft. Businesses are also facing fraud attempts, and many have fallen victim to criminals who steal hundreds of thousands of dollars. Known as business email compromise (BEC), fraudsters impersonate company executives and request wire transfers over email. While BEC is increasing, the FBI estimates this type of scam has already cost U.S. businesses more than $3.1 billion between October 2013 and May 2016.
Knowing how to spot malicious business email compromise attempts is the key to preventing criminals from receiving company funds. Here’s what you can do to avoid BEC:
- Educate employees to spot and report scams. While not every department may be targeted by criminals, everyone can play a role in keeping your company safe from any type fraud. The more employees know about spotting suspicious emails – and the more practice they have through regular trainings – the more they’ll be able to help you prevent attacks.
- Do not click. Not all BEC emails look the same. Part of your employee training should include how to interact with spam emails. The simplest rule is don’t. Don’t open the email, click any links, open attachments or respond. Any of these actions could put malware onto your computer or invite more action from the criminal.
- Watch for altered email addresses. Criminals will try to trick employees by making their emails look as similar to the actual email address as possible. This includes putting letters such as r and n together in place of an m, or a capital i in place of a lowercase l. Look carefully at the email addresses listed in any requests for financial information, passwords or funds.
- Question suspicious requests for funds or wire transfers. Wire transfers are the primary way BEC criminals try to steal from businesses. Any time a request for a wire transfer comes through, especially when it’s not a common payment practice in your company, should be a red flag.
- Verify all monetary requests. No matter who or where the request comes from, make sure to verify all requests for funds, payments and transfers via another form of communication. A simple phone call or walking over to your coworker’s office could save your company significantly.
Putting these practices into place can help your company avoid BEC attempts. However, if your company is targeted, remember to immediately alert your financial institution, IT department and file a complaint with the Internet Crime Complaint Center (IC3). Contact me or view our other Security articles to learn more.