#Let’sTalk Business Email Compromise

Business email compromise (BEC) is one of the most financially damaging online crimes. It happens when a cybercriminal gains access to business email accounts and uses those accounts to pose as an employee of that business and send fraudulent requests or payment changes to that business’ vendors, employees, and customers. Its goal is to trick real people into sending money by ACH or wire transfer to fraudulent destinations.

To be clear, when a business or organization you work with becomes compromised, YOU become the fraudster’s next target. Fortunately, there are things you can do to protect your business from falling victim.

BEC Examples and Red Flags for Fraud

  • A vendor your company regularly deals with emails you to ask you to update their contact information with a new address or bank account number.
  • You receive an invoice by email with new payment instructions for a bill you owe and are asked to send the money by ACH or wire transfer.
  • An email that appears to be from someone in your company asks you to wire money to someone right away.
  • You receive a message from a realtor, title company, or bank with instructions on how to wire a down payment or loan proceeds.

Protect Yourself with These Steps

  • Verify any new or changed payment instructions for a vendor or supplier by calling to verbally confirm the request (use a phone number from your personal contact list or source, not a number provided in the email).
  • Limit the number of employees within your business who have the authority to initiate or approve ACH/wire transfers.
  • Use additional, out-of-band approval methods to verify ACH/wire transfer requests that appear to come from executives. This may include calling the executive to obtain verbal verification.
  • Require dual approval for any ACH/wire transfer request involving a dollar amount over a certain threshold, new bank or account numbers for a current vendor and/or ACH/wire transfer recipient, or wire transfers to countries outside of the normal transaction patterns.
  • Be suspicious of any email asking you to update payment information, payment methods, or account numbers. If you receive an email that asks you to do any of the above, call the business or individual directly at a number you know to be genuine.
