Business Email Compromise (BEC) Scams: 10 Types, Q&A, Preventing And Reporting

FraudsWatch.com

&NewLine;<p><strong>Business Email Compromise &lpar;BEC&rpar;<&sol;strong>&comma; also known as <em>Email Account Compromise &lpar;EAC&rpar;<&sol;em>&comma; is a type of <a href&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;tag&sol;phishing&sol;" data-type&equals;"URL" data-id&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;tag&sol;phishing&sol;">phishing attack<&sol;a> that targets organizations&comma; with the goal of stealing money or critical information&period; In a BEC scam&comma; criminals send an email message that appears to come from a known source making a legitimate request&comma; such as&colon;<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<ul class&equals;"wp-block-list">&NewLine;<li>A vendor your company regularly deals with sends an invoice with an updated mailing address&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>A customer service representative asks you to update your personal information&comma; such as your credit card number or Social Security number&period;<&sol;li>&NewLine;<&sol;ul>&NewLine;&NewLine;&NewLine;&NewLine;<p>The email may contain a link that&comma; when clicked&comma; will take the victim to a fake website that looks like the real website of the company they are supposedly doing business with&period; Once the victim enters their personal information on the fake website&comma; the criminals can steal it&period;<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<p>BEC scams are on the rise&comma; and they are one of the most financially damaging online crimes&period; In 2022&comma; the FBI received over 24&comma;000 complaints about BEC scams&comma; with losses totaling over &dollar;2&period;4 billion&period;<&sol;p>&NewLine;&NewLine;&NewLine;&NewLine;<h2 id&equals;"10-types-of-business-email-compromise-bec-scams" class&equals;"rb-heading-index-0-93448 wp-block-heading">10 Types of Business Email Compromise &lpar;BEC&rpar; Scams<&sol;h2>&NewLine;&NewLine;&NewLine;&NewLine;<ol class&equals;"wp-block-list">&NewLine;<li><strong>CEO Fraud<&sol;strong>&colon; Impersonating a high-level executive&comma; the scammer requests an urgent wire transfer from an employee&comma; typically in the finance department&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Account Compromise<&sol;strong>&colon; An employee&&num;8217&semi;s email account is hacked and then used to make requests for invoice payments to fraudulent bank accounts&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Fake Invoice Scheme<&sol;strong>&colon; Scammers send a fake invoice to a company&&num;8217&semi;s billing department&comma; with the payment instructions directed to a fraudulent account&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Vendor Email Compromise<&sol;strong>&colon; A legitimate vendor&&num;8217&semi;s email account is compromised and used to send fake invoices to the company&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Data Theft<&sol;strong>&colon; Scammers target employees with access to sensitive information&comma; such as HR records or <a class&equals;"wpil&lowbar;keyword&lowbar;link" href&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;tag&sol;financial-fraud&sol;" title&equals;"financial" data-wpil-keyword-link&equals;"linked" data-wpil-monitor-id&equals;"1028">financial<&sol;a> data&comma; to gain unauthorized access&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Attorney Impersonation<&sol;strong>&colon; The scammer poses as a lawyer or legal advisor and requests confidential information&comma; often under the guise of an urgent or sensitive legal matter&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Payroll Diversion<&sol;strong>&colon; An employee&&num;8217&semi;s direct deposit information is altered&comma; sending their salary to a fraudulent bank account&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Tax Fraud<&sol;strong>&colon; Fraudsters use stolen employee information to file <a href&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;tag&sol;tax-fraud&sol;" data-type&equals;"URL" data-id&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;tag&sol;tax-fraud&sol;">false tax returns<&sol;a> and claim refunds&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Real Estate BEC<&sol;strong>&colon; Scammers target real estate transactions&comma; such as closings&comma; and alter the payment instructions to divert funds to fraudulent accounts&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>M&amp&semi;A Fraud<&sol;strong>&colon; Emails from scammers posing as executives or consultants involved in mergers and acquisitions request sensitive information or funds transfers&period;<&sol;li>&NewLine;<&sol;ol>&NewLine;&NewLine;&NewLine;&NewLine;<h2 id&equals;"10-qampa-on-business-email-compromise-bec-scams" class&equals;"rb-heading-index-1-93448 wp-block-heading">10 Q&amp&semi;A on Business Email Compromise &lpar;BEC&rpar; Scams<&sol;h2>&NewLine;&NewLine;&NewLine;&NewLine;<ol class&equals;"wp-block-list">&NewLine;<li><strong>Q&colon; What is a BEC scam&quest;<&sol;strong><br>A&colon; A BEC scam is a type of fraud where scammers use email to impersonate someone within a company or business relationship to trick employees into transferring funds or sharing sensitive information&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; How do BEC scams work&quest;<&sol;strong><br>A&colon; BEC scams typically involve email spoofing&comma; <a href&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;social-scams-and-fraud-the-latest-threat&sol;" data-type&equals;"URL" data-id&equals;"https&colon;&sol;&sol;www&period;fraudswatch&period;com&sol;social-scams-and-fraud-the-latest-threat&sol;">social engineering<&sol;a>&comma; and sometimes malware or phishing to gain access to email accounts or deceive employees into taking fraudulent actions&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; Who is targeted in BEC scams&quest;<&sol;strong><br>A&colon; BEC scams often target employees with access to company finances or sensitive information&comma; including those in finance&comma; HR&comma; and executive roles&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; How can I recognize a BEC scam&quest;<&sol;strong><br>A&colon; Look for unusual or urgent requests&comma; discrepancies in email addresses or domain names&comma; and changes in payment instructions or account information&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; What should I do if I suspect a BEC scam&quest;<&sol;strong><br>A&colon; Verify the request through another channel&comma; such as a phone call&comma; and report your suspicions to your IT or security department&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; How can I prevent BEC scams&quest;<&sol;strong><br>A&colon; Implement email security best practices&comma; provide employee training&comma; and establish protocols for verifying and approving financial transactions and changes to sensitive information&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; What are the financial impacts of BEC scams&quest;<&sol;strong><br>A&colon; BEC scams can result in significant financial losses for businesses&comma; as well as reputational damage and potential legal liabilities&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; How do scammers choose their targets&quest;<&sol;strong><br>A&colon; Scammers often use publicly available information&comma; such as company websites and social media&comma; to identify potential targets and gather information to craft convincing emails&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; How do scammers gain access to email accounts&quest;<&sol;strong><br>A&colon; Scammers may use phishing attacks&comma; social engineering&comma; or malware to compromise email accounts and gather information for their scams&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li><strong>Q&colon; What should I do if my company has fallen victim to a BEC scam&quest;<&sol;strong><br>A&colon; Report the incident to law enforcement&comma; notify your financial institution&comma; and take steps to secure your email accounts and systems&period;<&sol;li>&NewLine;<&sol;ol>&NewLine;&NewLine;&NewLine;&NewLine;<h2 id&equals;"preventing-and-reporting-bec-scams" class&equals;"rb-heading-index-2-93448 wp-block-heading">Preventing and Reporting BEC Scams<&sol;h2>&NewLine;&NewLine;&NewLine;&NewLine;<h3 id&equals;"preventing-bec-scams" class&equals;"rb-heading-index-3-93448 wp-block-heading">Preventing BEC Scams<&sol;h3>&NewLine;&NewLine;&NewLine;&NewLine;<ol class&equals;"wp-block-list">&NewLine;<li>Implement multi-factor authentication for email accounts&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>Train employees to recognize and report suspicious emails and requests&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>Establish protocols for verifying and approving financial transactions and changes to sensitive information&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>Use email security tools to detect and block phishing and spoofing attempts&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>Limit the amount of publicly available information about your organization and employees&period;<&sol;li>&NewLine;<&sol;ol>&NewLine;&NewLine;&NewLine;&NewLine;<h3 id&equals;"reporting-bec-scams" class&equals;"rb-heading-index-4-93448 wp-block-heading">Reporting BEC Scams<&sol;h3>&NewLine;&NewLine;&NewLine;&NewLine;<ol class&equals;"wp-block-list">&NewLine;<li>Report the scam to your organization&&num;8217&semi;s IT or security department&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>If funds have been transferred&comma; contact your financial institution immediately&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>Report the incident to your local law enforcement agency&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>File a complaint with the FBI&&num;8217&semi;s <a href&equals;"https&colon;&sol;&sol;complaint&period;ic3&period;gov&sol;" data-type&equals;"URL" data-id&equals;"https&colon;&sol;&sol;complaint&period;ic3&period;gov&sol;">Internet Crime Complaint Center &lpar;IC3&rpar;<&sol;a> at www&period;ic3&period;gov&period;<&sol;li>&NewLine;&NewLine;&NewLine;&NewLine;<li>Notify any affected clients&comma; vendors&comma; or partners to help prevent further damage and loss&period;<&sol;li>&NewLine;<&sol;ol>&NewLine;&NewLine;&NewLine;&NewLine;<p>More About &&num;8220&semi;BEC Scams&&num;8221&semi; <a href&equals;"https&colon;&sol;&sol;www&period;fbi&period;gov&sol;how-we-can-help-you&sol;safety-resources&sol;scams-and-safety&sol;common-scams-and-crimes&sol;business-email-compromise" data-type&equals;"URL" data-id&equals;"https&colon;&sol;&sol;www&period;fbi&period;gov&sol;how-we-can-help-you&sol;safety-resources&sol;scams-and-safety&sol;common-scams-and-crimes&sol;business-email-compromise">Here&&num;8230&semi;<&sol;a><&sol;p>&NewLine;

Share This Article
Follow:
FraudsWatch is а site reporting on fraud and scammers on internet, in financial services and personal. Providing a daily news service publishes articles contributed by experts; is widely reported in thе latest compliance requirements, and offers very broad coverage of thе latest online theft cases, pending investigations and threats of fraud.
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit mobile version