In the era of remote work and COVID, the FBI has seen an increase in the amount of Business Email Compromise scams targeting companies. These scams specifically target employees who have the ability to authorize the transfer of funds for the business.
Often these fraudsters will do their research before attacking, taking the time to learn the names and email addresses of owners and accountants. They will then imitate one of these people, either by manipulating them into giving up their password (phishing) or by mimicking their email address with one very similar, often only a single letter off from the real one. The fraudsters then request funds be redirected to an account they will later access, often one with no direct ties to any real person.
Protect your company by being vigilant against these types of scams. When reviewing a request that involves wiring money or ACH information, keep a lookout for:
– Unexpected urgency
– Unexplained changes to ACH info
– Requests to change the method of communication to a different email address
– If challenged to call in to make the request, provides an excuse for why they can only email
– Requests from employees to change direct deposit information
If you receive an email with any of these red flags, it’s vital to determine if it’s a genuine request or not. The easiest way to do so is over the phone. Call the sender at a publicly-published phone number – don’t necessarily trust the one in their signature, in case the fraudster has changed that as well. Be sure to closely verify the email address on any such request, even if it seems legitimate.
If you ever discover that you have been victim to a Business Email Compromise scam, immediately contact your financial institutions to let them know and halt any potential transfers. The FBI provides a website where you can file a complaint should such an event occur as well, available at ic3.gov.
At Layered Systems, we take your company’s security very seriously. We work with our customers to implement top-of-the-line security solutions to help protect against fraudsters and hackers. To learn more about protecting your company from the latest threats, Contact Us today.