What is Business Email Compromise? The scam that leads to billions of dollars lost each year
Criminals have been targeting businesses and individuals to try and scam them out of their hard-earned money for years.
As technology continues to evolve, so have the tactics and techniques of scammers, and every year it seems criminals become more sophisticated in their means.
A scam that is becoming increasingly common and leads to billions of dollars in losses each year is what is known as BEC, or Business Email Compromise.
What is BEC?
The Federal Bureau of Investigation (FBI) explains that Business Email Compromise is a sophisticated scam targeting both businesses and individuals who perform transfer-of-funds requests.
“The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Often times BEC variations involve compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information in order to compromise other accounts that may be related to other scams,” the FBI explains.
In other words, a scammer will send an email or other form of communication which appears to be from a legitimate source. They will do this in an attempt to trick people into paying fraudulent invoices, wiring money, or divulging sensitive information.
The FBI says BEC is responsible for billions of dollars lost every year. Between October 2013 and December 2023, the FBI says over $55 billion was lost to this type of scam across the globe.
How can you protect yourself?
The FBI offers these tips to help protect yourself:
- Use secondary channels and/or two-factor authentication to verify requests for changes in account information.
- Use unique passwords/passphrases. Make sure to use a unique password for every online service you use and try to change your passwords/passphrases periodically.
- Ensure the URL in emails is associated with the business/individual it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying login credentials or personal identifiable information (PII) of any sort via email. Be aware that many emails requesting your PII may appear to be legitimate.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
- Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
If you do discover a fraudulent transfer, time is of the essence. The FBI says to immediately contact your financial institution and request a recall of the funds along with any necessary indemnification documents.
The FBI also says that regardless of whether you lose money, you should file a complaint with the bureau. You can do so here.
Copyright 2024 by KPRC Click2Houston – All rights reserved.