Individuals aren’t the only targets of scams. Scammers often target businesses as well, and when employees or business owners fall victim, the loss of funds and confidential information is devastating. One of the most common ways scammers target businesses is through business email compromise (BEC). Here’s how these scams work and how to avoid them.
Examples of business email scams
A common way scammers target businesses and their team members is by impersonating contacts they are familiar with. The most common scam we are currently seeing is scammers impersonating vendors and then asking businesses to change routing and account information for vendor payments. Another common example is a scammer sending an email to an employee while pretending to be an executive at the company. In the email, the sender asks the employee to pay an invoice, send company credit card information for an urgent need or purchase gift cards for employee recognition.
Business email scams can take many different forms, but the scenario generally involves a requester the employee is somewhat familiar with asking for funds or financial information for an urgent need.
How to avoid business email scams
Knowing how to spot malicious business email scam attempts is the key to preventing criminals from receiving company funds. Here’s what you can do to avoid BEC:
- Educate employees to spot and report scams. While not every department may be targeted by criminals, everyone can play a role in keeping your company safe from any type of fraud. The more employees know about spotting suspicious emails – and the more practice they have through regular trainings – the more they’ll be able to help you prevent attacks.
- Do not click. Not all BEC emails look the same. Part of your employee training should include how to interact with spam emails. The simplest rule is don’t. Don’t open the email, click any links, open attachments or respond. Any of these actions could put malware onto your computer or invite more action from the criminal.
- Watch for altered email addresses. Criminals will try to trick employees by making their emails look as similar to the actual email address as possible. This includes putting letters such as r and n together in place of an m, or a capital i in place of a lowercase l. Look carefully at the email addresses listed in any requests for financial information, passwords or funds.
- Question suspicious requests for ACH or wire transfers. ACH and wire transfers are the primary way BEC criminals try to steal from businesses. Any request for an ACH or wire transfer, especially when it’s not a common payment practice in your company, should be a red flag.
- Verify all monetary requests. No matter who or where the request comes from, make sure to verify all requests for funds, payments and transfers via another form of communication. A simple phone call or walking over to your coworker’s office could save your company significantly.
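The altered-address check described in the list above can be automated for incoming mail. The sketch below is an added example, not part of the original article: it flags sender domains that imitate a known contact. The `KNOWN_DOMAINS` list and the function names are constructed for illustration, and the substitutions beyond the article's two ("rn" for "m", capital "I" for "l") are extra assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of vendors and partners the business really deals with.
KNOWN_DOMAINS = {"acme-supply.com", "millerfreight.com"}

def skeleton(domain: str) -> str:
    """Collapse look-alike spellings of a domain into one canonical form."""
    s = domain.replace("I", "l")  # article: capital i in place of lowercase L
    s = s.lower()
    s = s.replace("rn", "m")      # article: r and n together in place of m
    # Additional common substitutions (assumed, not named in the article):
    s = s.replace("vv", "w").replace("0", "o").replace("1", "l")
    return s

def check_sender(from_header: str):
    """Return (verdict, matched_known_domain) for a From: header value."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2]
    # An exact match (ignoring case) is a known contact.
    if domain.lower() in KNOWN_DOMAINS:
        return ("known", domain.lower())
    # Same skeleton but different spelling: imitation of a known contact.
    sk = skeleton(domain)
    for known in sorted(KNOWN_DOMAINS):
        if skeleton(known) == sk:
            return ("lookalike", known)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "Accounts Payable <ap@acme-supply.com>",
        "Accounts Payable <ap@acrne-supply.com>",
        "Dispatch <billing@miIlerfreight.com>",
        "newsletter@unrelated.org",
    ]
    for header in samples:
        print(f"{header!r:45} -> {check_sender(header)}")
```

A "lookalike" verdict on a payment or account-change request is a reason to verify by phone before acting; a "known" verdict does not prove the message is genuine, since a real mailbox can be compromised.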
Putting these practices into place can help your company avoid BEC attempts. However, if your company is targeted, remember to immediately alert your financial institution and IT department.