BBB Scam Alert

The Explosion of Business Email Compromise (BEC) Scams The FBI recognizes at least six types of activity as Business Email Compromise (BEC) fraud. The types differ by who appears to be the email sender: 1.  The CEO directing the CFO to wire money to someone. 2.  Vendors or suppliers asking that invoice payment be made to a different bank account. 3.  Executives requesting copies of employee tax information such as W-2 forms in the U.S. 4.  Realtors, title companies or lawyers redirecting proceeds from sales of homes or other real estate into a new account. 5.  Senior employees seeking to have their pay deposited into a new bank account. 6. An employer or clergyman appealing to the recipient to buy gift cards on their behalf. How often does BEC occur BEC fraud is the biggest source of losses reported to the FBI’s Internet Crime Complaint Center (IC3) and has been for several years.  IC3 receives complaints from all 50 states and 150 countries, but most come from U.S. victims. Canada’s Competition Bureau has also warned about BEC fraud. The Canadian Anti-Fraud Centre collects complaints on this subject. The complaints received may be only the tip of the iceberg; much of this fraud is not reported.  Anatomy of a Business Email Compromise Fraud There are essentially three steps to operating a BEC fraud. 1.  Fraud gangs need the names of people within an organization, their job function and their email username and password. 2.  They must send emails directly to people, impersonating a trusted superior or partner and seeking money. 3.  They need a way to obtain money sent by victims. Each of these are specialized functions, and fraud gangs may even hire third parties to help them with these efforts. What can you do to protect your organization from BEC fraud? All organizations face a serious risk of BEC fraud, and the fraud gangs are very smart and innovative. They need only succeed in a small number of their attempts to make this fraud profitable. And organizations that have not suffered a loss may believe the steps they have been taking are effective, even though the frauds are evolving and increasing. Some businesses may be concerned that money spent on IT precautions is simply additional overhead. But BEC fraud prevention is just as important as door locks, fences and other efforts to protect physical assets. However, we can’t rely solely on technology to prevent phishing emails. We need to learn how to recognize and avoid responding to them. Fortunately, there are several key steps that are free or cost very little and that will go a long way in preventing BEC fraud.

What should you do if your organization has lost money to a BEC fraud? ·     If an organization finds that it has been a victim of a BEC fraud, it needs to immediately call its bank to stop the payment and report it to the FBI in the U.S. or the Canadian Anti-Fraud Centre in Canada. If a report is filed within 48 hours, there is a chance the money can be recovered. ·     Complain to the FBI’s Internet Crime Complaint Center. IC3 also asks people to report unsuccessful BEC attempts as well. Information from attempts may help establish patterns or identify mule bank accounts. ·     Complain to the Canadian Anti-Fraud Centre: 1-888-495- 8501. ·     Report fraud to BBB Scam Tracker.

To the read the full BBB article, which includes stories of businesses who have been impacted by BEC as well as the full list of recommendations to protect your business click here! To check out an additional resource on how to protect your business for scams check out the article"Protecting Small Business from Imposters" from the Fedral Trade Commssion here!