Protecting My Business Against Wire Transfer Fraud
Protecting my business against wire transfer fraud
Every year businesses in the U.S. lose millions of dollars to fraudsters who use a specific wire transfer scam called Business Email Compromise (BEC). Also known as “Man-in-the-Email,” BEC is an incredibly calculated and thoroughly researched threat. Fraudsters target businesses that either frequently perform wire transfers or work with foreign suppliers. If your company could be at risk, we’re here to help you defend your business against wire transfer fraud.
Who are the victims of wire fraud?
Victims of wire fraud can be businesses of all sizes. With nearly 6,000 (and counting) Business Email Compromise victims recognized around the world by the FBI, BEC also affects customers, employees, suppliers and many financial institutions.
There are a few ways BEC can happen:
- A customer is contacted by phone, fax or email by a fraudster who then changes the payment location on the invoice
- The fraudster hacks a business executive’s email account and then contacts employees requesting wire transfers
- The fraudster hacks the employee’s email and contact list when a company requests invoice payments from multiple vendors
Is it easy to identify BEC?
Business Email Compromise can be cleverly masked if individuals aren’t careful with information. Here are some examples:
- Phrases such as “code to admin expenses” or “urgent wire transfer” are commonly seen
- IP addresses usually trace back to domains that have been registered for free
- Fraudsters often use company logos, letterheads, invoice formats and signatures of employees to increase believability
- Fraudulent emails received could directly align with business executives’ travel dates
- Spoofed or hacked emails closely resemble legitimate emails
How can you protect your company?
Although Business Email Compromise continues to be a major issue, especially in the United States, there are ways businesses can work to help protect funds and information, such as:
- Avoiding free, web-based email accounts
- Being suspicious of requests for secrecy or pressured activity
- Considering a more complex verification process for certain IT or financial procedures
- Identifying a more complex authentication process for official company email accounts
- Deleting spam