March 23, 2022 — 3 min read
Wire fraud and Business Email Compromise (BEC) have been on the rise and can be one of the most financially and reputationally damaging online crimes.
What should you look out for and what steps can you take to protect your business and minimize the risk that it could happen to you?
Put simply, Business Email Compromise (BEC) is a type of fraud in which an attacker obtains access to a business email account, imitating the identity. They then use this to potentially defraud the company, its employees, customers or partners.
Also known as ‘phishing’ the criminals attempt to trick people into transferring funds or revealing sensitive information.
According to the FBI, BEC is the costliest category when it comes to fraud – and resulted in losses of approximately $1.8billion in the United States alone.
Relying on the fact that using email to conduct business is now a common part of a business activity, criminals send a message that appears to come from a reliable source, seemingly making a legitimate request. These requests can include:
A vendor regularly used by your business requests you update the mailing address / banking details and / or beneficiary.
An email from your company President asking you to transfer funds to them whilst they are traveling.
A request for company banking information from someone alleging to be a new supplier.
An email stressing an urgent response, playing on emotions and asking for an immediate transfer of funds.
Here are some ways for your business to avoid becoming a victim of financial crime.
Request verbal confirmation from the party sending the email. Call your usual contact to confirm that the request is legitimate.
Establish robust internal procedures that ensure an additional level of authority is required to sign off on requests to change vendor details.
Request a wet signature on a document that seeks changes to bank details, which includes the new details.
Look out for changes in spelling or grammar that seem different to the typical type of communication you receive from that contact.
Check email addresses for ‘spoofed’ email accounts.
Where a vendor demands payment, check invoices that may appear doctored or altered in any way.
Before making any wire transfers for requests that appear out of the ordinary or making any changes to an account off the back of an email request, always verify the information provided. By ensuring you and your staff are aware of the risks, know what to look out for and have robust internal procedures in place for dealing with requests, you can prevent criminals from profiting from your business.