Cybercrimes can cause businesses to lose a lot of money if they become a victim. Provident State Bank wants to help companies to get ahead of scammers with this Protecting Against Fraud Series. In the first installment, we will highlight the scam Business Email Compromise (BEC), where fraudsters access a business email account and defraud the company by impersonating the email’s owner. The scammers try to trick employees with access to business finances to send wire transfers to a bank account that was thought to be trusted.
The attackers usually take the identity of someone from the corporate network and try to get employees to send money to the attacker’s account. Most victims come from companies that use wire transfers to pay clients and vendors. Usually, the scammers will impersonate an employee, who is out of the office, and the emails request an immediate wire transfer to a trusted vendor. An employee thinks the account is correct, but several of the account numbers have been slightly altered. Due to laundering techniques, funds could become difficult to recover if not detected in a timely manner. Our team at PSB has compiled a list of five forms of Business Email Compromise:
1) CEO Fraud: Attackers pose as the business CEO or an executive and asks for a money transfer to an account they control.
2) Account Compromise: A hacked employee’s email is used to request invoice payments to vendors’ accounts that are scam bank accounts.
3) False Invoice Scheme: Businesses with international suppliers get targeted with this tactic with scammers pretending to be a supplier requesting a fund transfer.
4) Attorney Impersonation: Attackers here impersonate a lawyer responsible for sensitive material. The scams usually occur at the end of the day via an email of a phone call.
5) Data Theft: Human resources and bookkeepers get targeted here to obtain sensitive information about executives or other employees that can be used for future attacks.
The good news is there are many ways to combat these fraud attacks, and our team at PSB has five techniques to help:
1) Confirmation Requests: Make a phone call to another team member or get an in-person verification about the transfer requests.
2) Careful Scrutiny: Be sure to check email requests to see if anything is out of the ordinary.
3) Intrusion Detection System Rules: Create a series of rules that flag emails with extensions for fraud prevention.
4) Email rules: Create a series of flags for email communications where the “reply” email address is different from the “from” email address shown.
5) PSB Cash Management Services: Fraud Preservation tools, such as Positive Pay and ACH Debit Filter, help you manage and stop unauthorized access to funds in your account. These service debits to your account are compared to your authorized transaction to ensure no funds are withdrawn without your approval.
While Business Email Compromise can be a danger, our staff at Provident State Bank is here to help you. For more information, inquire at your local branch today or visit our website at providentstatebank.com.
