Tips for Business Email Compromise (BEC)

Email is by far the most common way for a business to communicate. Business Email Compromise (BEC) is a phishing email that targets businesses. Email is by far, the most common way for a business to communicate within the organization and with outside vendors or partners so this is a big threat. Since 2016, there has been over $43 billion lost to BEC scams. There are 5 types of BEC types, but there are a few below.

Business Email Compromise (BEC) – A type of phishing attack that targets an employee within an organization. An email is sent to trick someone into divulging sensitive information or to steal money. They will either impersonate someone you know or convince you that they can be trusted.

Types of Business Email Compromises

• Data Theft – A criminal will use this to collect information. They will find either a phone number or an email address that they can use to further scam the business.
• False Invoice – A criminal will pose as a well-known vendor and send a fake, urgent invoice to an owner or an accounts payable employee. They will ask that the payment be sent to a different checking account usually at a different bank. Once the money is sent, they will drain the account.
• CEO Fraud – A spoofed email where the criminal is masquerading as a CEO. They will ask employees to either send information, send money, or purchase gift cards on behalf of the CEO. Once the gift cards are purchased, the “CEO” will ask for the serial numbers.
• Lawyer Impersonation – These emails have a sense of urgency to them. A criminal will pose as a lawyer and send a link or attachment through email. They will say that it is time sensitive, and you need to open the link or attachment. Opening the attachment can expose a computer to malware.
• Account Compromise – An employee’s email is compromised and used to scam someone else. Once a criminal has access to an employee’s email, they can send of BEC emails to their contacts posing as that employee.

How to spot a BEC Email

Sometimes it can be hard to identity a BEC email but there are a few things to look for. Criminals may be able to use a co-worker’s email, but that does not mean they write emails like your co-workers. When reading through an email take note of the following:

• The composed email does not sound like the sender.

The sender of the email will try to imitate a higher executive, but they will use generic terms to address you and they might misspell words within the email. They will send urgent requests in the hope that you will overlook that the request is out of place.

• You can only contact the sender through emails.

Be suspicious of contacts that only want to converse through emails or text messages. Always ask for a phone number and call it to verify that it is a good number. 

• Changes to account numbers or banks are requested.

If you receive an email from a known vendor and requesting changes to the account you send payments to, call the vendor to verify. If you send the money to the fake business account, you may never recover that money.

• You’re asked to keep the conversation secret.

If the sender of an email asks that you keep the conversation secret, you should be wary. Sometimes criminals will ask you to transfer money with urgency, but to not disclose the transaction to anyone because it is a surprise.  After this request, they could go dark and be unreachable.

How to Report a BEC Scam

If you become a victim of a BEC scam, the FBI say you need to act quickly. You will need to contact your financial institution as soon as possible. They will be able to contact the bank where the money was transferred to and try to get your money back. There is a chance that you will be able to recover the money, but it is unlikely. You will also need to contact your local FBI office to report the crime. Lastly, File a complaint with the FBI’s Internet Crime Complaint Center.

Fidelity Bank has multiple local branch offices throughout Lackawanna and Luzerne counties, and our full-service Client Care Center is at your service. Call or visit your local branch office today.