08 SECURITY | The rising threat of Business Email Compromise: Don’t be a victim!

Hosts Shye Gilad and Craig Moen discuss a case in which a client was defrauded for $50,000 via “Business Email Compromise” (BEC), an organized international crime scam that has victimized more than 7,000 U.S. companies since 2013 alone—with total dollar losses exceeding $740 million.

Learn the FBI’s recommended best practices you can implement now to reduce the risk of this serious threat to your business.


How to Avoid Becoming a Victim of a BEC Scam

In October 2013, the Internet Crime Complaint Center (IC3) began receiving complaints from businesses about trusted suppliers requesting wire transfers that ended up in banks overseas—and turned out to be bogus requests. Since then, losses from the business e-mail compromise (BEC) scam have been significant.

“For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000,” said Ellen Oliveto, an FBI analyst assigned to the center. “The average loss to BEC victims is $130,000.” IC3 offers the following tips to businesses to avoid being victimized by the scam (a more detailed list of strategies is available at www.ic3.gov):

- Verify changes in vendor payment location and confirm requests for transfer of funds.

- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.

- Be careful when posting financial and personnel information to social media and company websites.

- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.

- Consider financial security procedures that include a two-step verification process for wire transfer payments.

- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.

- If possible, register all Internet domains that are slightly different than the actual company domain.

- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.

Source: https://www.fbi.gov/news/stories/2015/august/business-e-mail-compromise/business-e-mail-compromise