Business email compromise
Business email compromise (BEC) is a form of phishing attack where a criminal impersonates an individual known to the victim via a business relationship and attempts to coerce the victim into transferring funds. It is sometimes referred to as invoice diversion and has been known to use other means of contact like Skype as well as standard email. BEC scams are a serious threat to businesses of all sizes and across all sectors globally, including non-profit organizations.
In the typical business email compromise scheme, the fraudsters send an email to an individual in the accounting or finance department of a company, posing as a representative of another company with which that company is currently doing business. The email often relates to an open invoice and requests a wire transfer. The request is likely to include a change to previous arrangements, such as a change to the beneficiary name and/or bank account. The fraudsters will likely provide reasons for the change in circumstances. The unsuspecting employee then initiates a fraudulent wire transfer in the requested amount to the bank account of the perpetrators’ choosing.
What are the signs and what can you do?
As a business, you may regularly receive emails from your customers seeking payment for goods/services. It is those emails and the attached invoices that need to be thoroughly examined. The main warning signals, or ‘red flags’ as they are sometimes called, are as follows:
- Changes of country for the beneficiary bank.
- Changes to the beneficiary name, either to an individual or combined with a company name.
- Reason given for change of beneficiary bank.
- Variant or new email address.
- Inconsistencies in the email such as times, font, spelling, grammar, structure.
- Invoices provided are not of the standard of real invoices from the supplier.
- Urgency of the ‘supplier’ during email exchanges.
A business email compromise relies primarily on a change to the payment details previously associated with the customer. Whilst it is acknowledged that regular changes do occur which never result in fraud, you can never be too careful. If you see any combination of the above ‘red flags’ in relation to a transaction, you should contact your customer/supplier directly before completing the money transfer. Contact should be made by phone, using contact details you have recorded for the customer. Do not rely on any contact details within the email you have become concerned about, or on any other electronic method, for example text.
The following changes are possible indicators that you may be the victim of a business email compromise:
- When a supplier has been banking in the same country where they are based for several years, then suddenly changes to another country with no clear connection.
- When they change the beneficiary name from a company name to that of an individual.
- When they provide convoluted reasons for the banking change.
- If the email address has changed.
- If the content of the email is different from what you are used to.
- If the invoice looks ‘altered’ and unprofessional.
- If the customer/supplier is putting pressure on you to complete the wire transfer.
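Several of the indicators above can be checked automatically by comparing an incoming payment request with the supplier details already held on file. The Python below is an added example, not part of the original page; the record fields, urgency word list, 0.85 similarity threshold, hold policy and sample data are all assumptions constructed for illustration.

```python
import difflib
from dataclasses import dataclass

URGENCY_WORDS = ("urgent", "immediately", "asap", "today")  # assumed word list

@dataclass
class Supplier:            # details already recorded for the supplier
    email: str
    bank_country: str
    beneficiary: str

@dataclass
class Request:             # details taken from the incoming email/invoice
    sender: str
    bank_country: str
    beneficiary: str
    body: str

def red_flags(on_file: Supplier, req: Request) -> list[str]:
    flags = []
    if req.bank_country != on_file.bank_country:
        flags.append("beneficiary bank country changed")
    if req.beneficiary.casefold() != on_file.beneficiary.casefold():
        flags.append("beneficiary name changed")
    known, seen = on_file.email.casefold(), req.sender.casefold()
    if seen != known:
        flags.append("variant or new email address")
        k_dom, s_dom = known.rpartition("@")[2], seen.rpartition("@")[2]
        # A near-identical but different domain suggests deliberate imitation.
        if k_dom != s_dom and difflib.SequenceMatcher(None, k_dom, s_dom).ratio() >= 0.85:
            flags.append("look-alike sender domain")
    if any(w in req.body.casefold() for w in URGENCY_WORDS):
        flags.append("urgency in message")
    return flags

def hold_for_callback(flags: list[str]) -> bool:
    # Assumed policy: any flag holds the payment until the supplier is
    # phoned on the number already on file (never one from the email).
    return bool(flags)

# Constructed sample data (not real companies or accounts).
ON_FILE = Supplier("accounts@northwind-supplies.example", "IE", "Northwind Supplies Ltd")
ROUTINE = Request("accounts@northwind-supplies.example", "IE", "Northwind Supplies Ltd",
                  "Please find invoice 1042 attached.")
SUSPECT = Request("accounts@northwind-suppiles.example", "XX", "J. Smith",
                  "Our bank is under audit, pay the new account urgently.")

if __name__ == "__main__":
    for req in (ROUTINE, SUSPECT):
        flags = red_flags(ON_FILE, req)
        print(req.sender, "HOLD" if hold_for_callback(flags) else "ok", flags)
```

A clean result does not clear a payment; the invoice quality and tone checks in the lists above still need a person.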
If you suspect you are the victim of a business email compromise, then speak to a Customer Service agent or your Account Manager.