Fraud schemes continue to grow, evolve and target legitimate businesses, nonprofits, government and other public-sector organizations. One of the schemes is Business Email Compromise.
What is Business Email Compromise?
Business Email Compromise is when a legitimate business email account is either compromised or impersonated. The accounts are then used to order or request the transfer of funds. Fraudsters often compromise one of the business' officers and monitor his or her account for patterns, contacts or information. Once the officer is usually away on business, the compromised email account is used to send payment information.
How It's Done
Step One
Fraudsters monitor the officer's accounts for patterns, contacts and information.
Step Two
After identifying the target, ploys are conducted such as spear-phishing, social engineering, identity theft, email spoofing and the use of malware to either gain access to or convincingly impersonate the email account.
Step Three
Fraudsters uses the compromised email account to send payment instructions.
Step Four
Payment instructions direct the funds to an account controlled by the fraudster.
Avoid Being a Victim
- Educate and train employees to recognize, question and independently authenticate changes in payment instructions, requests for secrecy or pressure to take action quickly.
- Authenticate requests to make payment of change payment information.
- Review accounts frequently.
- Initiate payments using dual controls.
- Never provide password, username, authentication credentials or account information when contacted.
- Make impersonation harder by registering domains that closely resemble the company's actual domain.
- Do not click 'reply' when authenticating emails for payment requests. Instead, use the 'forward' option and type in the correct email address or select from a known address book.
"The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO's office or speaking to him or her directly on the phone," said Special Agent Martin Licciardo. "Don't rely on email alone."
NACHA – The Electronic Payments Association is the steward of the ACH Network – one of the largest, safest and most reliable payment systems in the world. The ACH Network creates value and enables innovation by universally connecting all U.S. financial institutions, and moving money and information directly from one bank account to another.
