Business Email Compromise – Crystal Taylor-Baker

Business Email Compromise – Crystal Taylor-Baker


– Business email compromise,
also known as BEC, is a sophisticated scam
that targets businesses. It is carried out when
a fraudster compromises a legitimate business email account. This can be done through
social engineering and often times, by computer hacking. Their ultimate goal is to deceive someone within an organization and
get them to transfer funds or provide sensitive data. An effective business
email compromise attempt may involve an infected computer system. Hackers gain access through malware delivered by email to an employee. They do this through the
illegal online purchase of compromised user credentials or through social
engineering of an employee. Once the email is compromised,
the scenarios vary. Here are some common ones. (upbeat music) A company’s CEO or controller’s
email accounts are hacked or spoofed and fraudulent emails are sent within the company
requesting wire payments. The employee assumes the
request is legitimate and authorizes a funds transfer. (upbeat music) Vendor email accounts are compromised and payment instructions for
legitimate invoices are changed to the fraudster controlled account. Based on the email from the fraudster, the company pays the legitimate invoice to the fraudster’s account. (upbeat music) Scammers pose as lawyers and law firms requesting secret, time sensitive wires, such as a confidential purchase of a business or other assets. The employee authorizes the funds transfer to the fraudster’s account
believing they have performed a legitimate, confidential transaction. (upbeat music) Fraudsters pose as a
title company or realtor with the intent of
misdirecting funds associated with a legitimate real estate closing. The target receives an
email with wire instructions for a legitimate real estate transaction. Upon authorization, the
wire goes to the fraudster rather than the appropriate account. While many business email
compromise scams focus on transferring funds, some
may target organizations such as schools, daycares, hospitals, and assisted living facilities for the purpose of obtaining
personal information. This includes social security numbers, date of birth, or wage and tax information that can be used in future scams. How do you respond to a BEC? To prevent the loss of
funds and information, always verify requests
through a phone call or a text at the number known to you, not one supplied in the email. According to the FBI, only 1/3 of business email compromise
frauds have some amount of funds returned, leaving
over 66% unrecovered. After discovering a fraud, it is important to act quickly to improve the chance of recovery. Your first step is to
immediately contact your bank and request a wire recall. Second, contact a
cybersecurity professional. They should be able to determine
the point of compromise, network security status and whether the email
was spoofed or hacked. Third, change your email
and online banking passwords from a known, safe network. Next, report the crime to
both your local FBI office and to www.ic3.gov. Prepare to be targeted again. Review internal processes and policies. Work with your bank and
cybersecurity professional to mitigate losses if targeted again. Fraudsters sometimes
think if it worked once, it will work again. Thank you for watching. To learn more, please
visit oldnational.com. (upbeat music)

You May Also Like

About the Author: Oren Garnes

Leave a Reply

Your email address will not be published. Required fields are marked *