Combating Business E-Mail Compromises
What would you do if an executive in your company contacts you directly by email and gives you instructions to wire money for a business expense? Many would satisfy the request immediately and move on to the next task at hand. Fraudsters know this and are using this type of strategy to steal millions of dollars.
What would you do if an executive in your company contacts you directly by email and gives you instructions to wire money for a business expense? Many would satisfy the request immediately and move on to the next task at hand. Fraudsters know this and are using this type of strategy to steal millions of dollars. It is known as Business E-mail Compromise (BEC).
This type of scam is being perpetrated on a global scale and targets those responsible for the movement of money within a company by instructing them to wire a large sum to a specific account. The email containing this request appears to come from an executive within the organization, lending validity to the scam and creating a sense of urgency. The fraudulent email request may even attach very realistic looking invoice or wire transfer instructions to the message. The scam usually requests an email confirmation when the transfer is complete which enables the fraudster to withdraw or move the funds immediately, negating the ability to recover the dollars.
Because these scams can look very professional, contain legitimate looking documentation, and appear to come from a known company executive, many savvy business professionals have fallen victim to this crime.
To help mitigate the risk of Business Email Compromise, we suggest implementing the following practices:
- Be suspicious of requests for secrecy or pressure to take action quickly even if the request is from someone you know and trust.
- Validate the legitimacy of an email request by personally speaking to the requester prior to executing any wire transfer.
- Avoid free Web-Based E-mail. Instead, purchase a company web site domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
- Be careful regarding posts to social media and company websites, especially job duties/descriptions, hierarchal information, and out of office details. This information is frequently used by the fraudster to help legitimize their requests.
- Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been on a company e-mail, the request could be fraudulent.
- If something seems odd, stop and validate the legitimacy of the request. In most cases, once funds are wired, they are very difficult to retrieve.
If you would like additional information on this threat or ways in which you company could help mitigate the risks, please contact your Fifth Third Bank Relationship Manager.
The views expressed by the authors are not necessarily those of Fifth Third Bank, National Association and are solely the opinions of the authors. This article is for informational purposes only. It does not constitute the rendering of legal, accounting, or other professional services by Fifth Third Bank, National Association or any of their subsidiaries or affiliates, and are provided without any warranty whatsoever. Deposit and credit products provided by Fifth Third Bank, National Association. Member FDIC.