How to recognize and avoid Business Email Compromise
How can you stop BEC before it affects your organization?
- Educate your staff. Educate all employees with any financial authority about scams like BEC. Fraud techniques are continually evolving, so security awareness training is not a one-time event. It needs to be ongoing to keep up with emerging issues.
- Review existing procedures. Consider new policies for approving unexpected payments or wire transfers, such as requiring confirmation for the transaction through some means other than email. For example, you might require the employee to call the executive on their cell phone – to a known number, not one provided in the email asking for the transfer – before initiating the payment. Ensure company executives are on board with these policies and agree not to punish employees who refuse to make exceptions.
- Use a code word. Establish a code word or security question that must be answered before any transfer can take place. This prevents the scammer from calling in with a spoofed number and posing as the executive. And never use the code word in an email, only over the phone.
- Be skeptical. Train employees to be suspicious of any unplanned transfers of money, wire transfers that must happen immediately, or transactions that must be kept a secret from other executives in the organization. Legitimate business transactions can always wait for appropriate verification.
If you do get caught up in a BEC scam, immediately contact your financial institution. You can also file a report with the FBI's Internet Crime Complaint Center (IC3).5 Your bank and the FBI may be able to recover the stolen funds if you notify them immediately.
BEC is a significant threat to businesses of all sizes. Familiarize yourself and your team with the risks of business email scams and make a concerted effort to protect your organization. Then everyone will be better prepared to make good decisions to protect the company.