January 2nd, 2018

Business Email Compromise

Business email compromise (BEC) is a growing threat that has cost businesses of all sizes billions of dollars in losses.  According to the FBI, total identified losses increased by over 2300% from January 2015 to December 2016.  A common approach to this attack is to send the finance or accounts payable department an email that is spoofed (or faked) to appear to come from someone with authorization to send funds, such as the CEO or CFO of the company.

Other methods involve a compromised email account of a person who regularly sends these requests internally.  The criminal then uses this access to send a fraudulent request to the finance department to release the funds.  In this method, the criminal can obtain information from the compromised account to make the request more believable, such as using language that is common for these requests and copying email signatures exactly.

No matter the method, the results are the same.  The business is often out thousands or even hundreds of thousands of dollars.  Unfortunately, recovery of this money is often impossible.

While First Mid uses a variety of processes and procedures to help protect you from fraud, it’s important that you do everything you can to help protect yourself.  Some things to consider include:

  • Implement internal processes and procedures to prevent these attacks.
  • Train your employees on how to identify these fraudulent requests.
    • Red flags can include poor spelling and grammar, but sophisticated attacks will not include these easy-to-spot warnings.
    • The requests often include a sense of urgency and instructions to only communicate via email.
    • Pay careful attention to new payees or abnormal dollar amounts.
    • Do not rely on email alone to authorize transactions.

As always, if you have any questions you can contact us for help.
