Business Email Compromise is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The perpetrators monitor business executives’ or employees’ email accounts and then initiate fraudulent emails that appear to be from those executives and employees requesting wire transfers in attempt to steal money. The fraudulent wire transfer payments are sent to foreign and domestic banks and may be transferred several times but are usually quickly dispersed.To help protect you and your business from becoming victims:
- Avoid Free Web-Based Email: Establish a company website domain and use it to establish company email accounts in lieu of free, web-based accounts.
- Be careful what is posted to social media and company websites, especially job duties/descriptions and hierarchical information.
- Be suspicious of requests for secrecy or pressure to take action quickly.
- Consider additional IT and Financial security procedures and two-step verification processes. For example:
- Out of Band Communication: Establish other communication channels, such as telephone calls, to verify significant transactions.
- Digital Signatures: Both entities on either side of transactions should use digital signatures when whenever possible.
- Delete Spam: Immediately delete unsolicited email (spam) from unknown parties. Do NOT open spam email or click on links in the email.
- Forward vs. Reply: Reply by forwarding your email instead of using the “reply” option and either type in the correct email address or select it from the email address book.
- Significant Changes: Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via a personal email address when previous official correspondence has been on a company email, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.