The Dark Web criminals have found a pot of gold and it exists in your email server. Business Email Compromise (BEC) in simple words is the utilization of a company’s emails to create a transaction to direct wire transfer funds from a bank account to an account they control. This can be either domestic or international.
These types of crimes have seen a rapid increase in the last few years. According to the FBI’s internet crime complaint center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses, now totaling over $3 billion.”
What are you doing to minimize the risk this could happen to you?
First of all, you need to assume that some deviate third party is in your email server. Why? Because they’re in all of ours. The use of malware in today’s digital environment is a constant. If you are in receipt of an email directing a financial transaction from within your company it is a mistake to assume it is legitimate.
There are two ways to assure this is a valid request:
A third safe guard is to require the bank to contact you prior to executing any transaction to confirm its legitimacy as well as the account number(s) the transaction is going to.
All of these safe guards will hopefully eliminate the possibility that you will be the victim of a financial crime. Protection is available in the form of an insurance rider to your Cyber or Crime policy to protect the company in the event this crime does occur. Check with a Connor & Gallagher insurance agent to make sure you have this coverage in place.
Written by Tom Connor, Principal at Connor & Gallagher OneSource (CGO)
This blog post is not intended to be exhaustive nor should any discussions or opinions be construed as legal advice - it is intended for educational and/or informational purposes only.
Here are some additional tips, compliments of the FBI:(source https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise)
The organized criminal groups that engage in business e-mail compromise scams are extremely sophisticated. Here are some of the online tools they use to target and exploit their victims:
If you or your company have been victimized by a BEC scam, it’s important to act quickly. Contact your financial institution immediately and request that they contact the financial institution where the fraudulent transfer was sent. Next, call the FBI, and also file a complaint—regardless of dollar loss—with the FBI’s Internet Crime Complaint Center (IC3).
The business e-mail compromise scam has resulted in companies and organizations losing billions of dollars. But as sophisticated as the fraud is, there is an easy solution to thwart it: face-to-face or voice-to-voice communications.
“The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone,” said Special Agent Martin Licciardo. “Don’t rely on e-mail alone.”
Here are other methods businesses have employed to safeguard against BEC: