Business Email Compromise (BEC) is a crime that can be devastating for companies. BEC occurs when a criminal sends an email that appears to be from a person or a business that is known to the company. Per the FBI’s “SCAMS AND SAFETY” web page, here are some examples of how the bad guys send fraudulent emails:
- “A vendor your company regularly deals with sends an invoice with an updated mailing address.”
- “A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.”
- “A homebuyer receives a message from his title company with instructions on how to wire his down payment.”
Unfortunately, many people become targets of these types of scams and end up paying out money to the perpetrator(s).
Here are some methods the cybercriminals use to carry out BEC:
- Malware: Malware is software that is meant to cause damage and/or gain unauthorized entry to a computer system. These cybercriminals may use malware to gain unauthorized and undetected access to a company’s network, emails and financial information. Company passwords can also be retrieved using malware.
- Email Spoofing: The bad guys may slightly change a familiar email address so that it resembles the genuine one; for example, firstname.lastname@example.org is manipulated to email@example.com.
- Spear phishing emails: The perpetrator sends an email that appears to be from a well-known source. The email is used to extract private information about a company, which helps the perpetrator gather data to perform Business Email Compromise scams.
If your company becomes a BEC victim, you should take immediate action:
- Have your financial institution contact the other financial institution where the transfer was sent.
- Report the crime to your local FBI field office.
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
Here are some ways to help protect yourself and your company:
- If you receive an unrequested email or text that asks you to update or authenticate account information, do not click on it. Contact the company directly to confirm if the email is genuine (do not call the phone number in the email or text).
- Do not click on any email or text links or download attachments from someone you do not know. Always be suspicious of any attachments forwarded to you.
- Always set up two-factor (or multi-factor) authentication on any account that allows this important security measure.
- Revealing private information on social media (like your birthday, schools you attended or info about your family) can help the bad guys guess your passwords or security question answers to personal accounts. Always be cautious of what you share online.
- Thoroughly check link addresses (URLs), email addresses and the spelling used in text/email correspondence.
If you have any questions about BEC or any other type of email compromise, Cantrell’s Computer Sales & Service is here for you. Please contact us at 925-827-1200. We can help your company avoid being a victim of a cybercrime. Contact us if you wish to have a business cybersecurity assessment and dark web scan.