Business E-mail Compromise (BEC), commonly known as “CEO fraud,” is a rapidly increasing concern affecting companies’ financial and data security today.
What exactly is BEC? It has been defined as a scam that targets businesses working with foreign suppliers and/or businesses that regularly use wire transfer payments. Scammers skillfully gain access to, and impersonate, company executives, attorneys, or suppliers through e-mail in order to fraudulently authorize the transfer of company funds. Payments are then wired from the victims to foreign banks, where they are quickly dispersed to the scamming party.
With so many businesses being affected, including The Scoular Co., one of Omaha’s largest companies, it is important to educate yourself and your employees about BEC.
According to the Internet Crime Complaint Center (IC3), there were 14,602 victim complaints of BEC in the U.S. alone from October 2013 to May 2016. These complaints total $960,708,616 in losses for U.S. businesses.
The above link leads to a site containing articles that analyze how real companies fell victim to BEC scandals.
The IC3 has found that there are several commonalities that the victimized companies share in their BEC complaints. These characteristics include the following:
• Fraudulent e-mails look nearly identical to an actual e-mail request
• Hackers often accessed personal e-mail accounts
• Employees responsible for making wire transfers were targeted
• Fraudulent e-mails were “well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request”
How to protect your business?
Knowing how often this offense occurs and how much companies stand to lose, what are some ways you can begin to effectively protect your business? Here is a short list of things you and your company can do to lower your risk of being compromised.
• Consider using two-factor authentication to access employee e-mail accounts
• Educate staff on the risk of being hacked
• Know your customers’ usual habits so that unusual behavior stands out
• Verify larger transactions through another form of communication, like a phone call
• Be suspicious of requests for rapid or undisclosed transfers
What to do if you are victimized?
If your company ever has the misfortune of becoming a victim of BEC, four actions should be taken swiftly.
1. Contact your financial institution. They may be able to discover where the fraudulent transfer was sent.
2. Next, contact your local Federal Bureau of Investigation (FBI) office, which may be able to help return or freeze the transferred amount.
3. File a complaint with the IC3 at the link below. These complaints are filed into a database that can help identify the attacker and reveal trends used to educate companies about existing threats to online security.
4. Finally, use this attack as a teaching and learning experience to educate employees. Raising awareness can help prevent future e-mail-related cyberattacks.