How To Sidestep A Business Email Compromise Scam
Getting called into the CEO’s office can be nerve-wracking. What’s even scarier is getting an email from your CEO that’s actually coming from someone else posing as him or her. That’s what sophisticated scammers are doing at an alarming—and growing—rate in a newer type of cybercrime called business email compromise (BEC).
The FBI considers BEC, which the agency defines as a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments, a serious threat. And they should. In 2018 alone, BEC was responsible for $1.2 billion in adjusted losses.
Here’s how it works. The cybercriminals compromise a business’s email system through social engineering (psychologically manipulating people to give out confidential info) or computer intrusion techniques. Once they’ve captured access to your network and email system through malware and spear-phishing (targeted) attacks, they might spend days, weeks or months becoming familiar with your company’s billing system and vendors with the end goal of conducting an unauthorized transfer of funds.
But here’s where they really take advantage: They also learn who specifically is making the payments, and they study the CEO and CFO’s travel schedule and email style. That’s so, once they’re ready to make their move, they can impersonate that person to authorize a payment.
Protect Your Payment System
There are a variety of best practices to circumvent BEC, but one of the basics is to talk face-to-face or to pick up the phone to confirm the request. Yes, email is simpler and faster, but if there’s ever a question about a transaction, don’t rely on email alone.
As with any online crime, raising awareness and providing employee education are essential first steps. Here are a few safeguards to share with your staff:
- Confirm changes. Whether it’s initiating a payment, transferring funds or updating vendor information, policies that require two-factor authentication or a secondary sign-off by another employee can provide extra protection and prompt a double-check of each change request.
- Flag the unfamiliar. You can use email rules and intrusion detection system rules to flag emails that don’t have quite the right extension or construction. For example, if your company uses email@example.com, set up a flag for firstname.lastname@example.org or email@example.com. You also can flag incoming emails that have a different “from” and “reply to” address.
- Identify internal and external. Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another in employees’ inboxes.
If You’ve Been Compromised
First, understand that these are sophisticated scammers, and they are having a lot of success against a lot of companies. In fact, the Association for Financial Professionals, which has been tracking BEC for the past few years, reports:
- Approximately 80% of companies have been impacted, up from 64% in 2015.
- There’s been a 136% increase in identified global exposed dollar losses.
- BEC has been reported in all 50 states and in 150 countries.
If your company has been a victim of BEC, act quickly. The first step is to contact the originating financial institution to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Next, contact the FBI’s Internet Crime Complaint Center and file a complaint.
Download a Bridge Bank Fraud Prevention Checklist to avoid BEC Scams.
Bridge Bank, a division of Western Alliance Bank, Member FDIC, helps business clients realize their ambitions. Founded in 2001 in Silicon Valley, Bridge Bank offers a better way to bank for small-market and middle-market businesses across many industries, as well as emerging technology companies and the private equity community. Geared to serving both venture-backed and non-venture-backed companies, Bridge Bank delivers a broad scope of financial solutions including capital, equipment and working capital credit facilities, venture debt, treasury management, asset-based lending, SBA and commercial real estate loans, ESOP finance and a full line of international products and services. Based in San Jose, Bridge Bank has 16 offices in major markets across the country along with Western Alliance Bank’s powerful array of specialized financial services. Western Alliance Bank is the primary subsidiary of Phoenix-based Western Alliance Bancorporation. One of the country’s top-performing banking companies, Western Alliance has ranked in the top 10 on the Forbes “Best Banks in America” list for five consecutive years, 2016-2020, and was named #1 best-performing of the 50 largest public U.S. banks for 2019 by S&P Global Market Intelligence.
Recent NewsBridge Bank Extends $25,000,000 Credit Facility to Health-AdeCloudBolt Announces $35 Million in Series B FundingBridge Bank Hires Tech Banker Jon Berry, Builds on Growth Momentum in AustinBridge Bank Expands Equity Fund Resources Group Hires Dragomir Sipovic, Vice PresidentBridge Bank Extends $2MM Credit Facility to Miva, Inc.
Recent InsightsMasterClass Streams Inspiration When It's Needed MostLeaving LIBOR: 4 things to know about changing interest rate benchmarksRegional Intelligence Report Series: California OutlookRegional Intelligence Report Series: South Bay OutlookProtect Your Data: The Cybersecurity Webinar
“Not everybody can be famous but everybody can be great because greatness is determined by service… You only need a heart full of grace and a soul generated by love.” ~ Dr. Martin Luther King Jr. In observance of MLK Day, all Bridge Bank offices will be closed on Mon. 1/18. #MLK pic.twitter.com/rBAo4INJXBOur Technology Banking group recently provided a growth capital term loan to Funraise, a software company that provides a state-of-the-art fundraising platform, saving nonprofit organizations time and resources spent on data management. pic.twitter.com/StETyssfLeOur #Technology Banking group recently provided a credit facility to @DrinkHealthAde, an organic beverage company. To learn more details, read our press release. westernalliancebancorporation.com/bridge-bank-ho… - about 1 month 3 weeks ago pic.twitter.com/0eWWI16N08Our Technology Banking Group at Bridge Bank recently provided a credit facility to CloudBolt Software, an enterprise leader in cloud management and integration solutions. Visit westernalliancebancorporation.com/bridge-bank-ho… - about 2 months 5 days ago to learn more details. pic.twitter.com/8fzjGbAL6BWe honor all of the veterans who have served our country. Thank you. #HappyVeteransDay REMINDER: In observance of Veterans Day, all Bridge Bank offices will be closed on Wednesday, November 11. pic.twitter.com/IfoGP8ecCAWe would like to welcome Jon Berry to the Bridge Bank team! Jon supports our Technology Banking group and will be based in Austin. Read our press release to learn more. #technology #banking #Austin #Texas westernalliancebancorporation.com/bridge-bank-ho… - about 2 months 2 weeks agoIn observance of Columbus Day, all Bridge Bank offices will be closed on Monday, October 12. pic.twitter.com/BtX52D5RTPWe wish everyone a safe and relaxing #LaborDay holiday weekend. REMINDER: In observance of Labor Day, all Bridge Bank offices will be closed on Monday, September pic.twitter.com/09SIuoO7XGOur Technology Banking Group recently provided MIVA, an #ecommerce #software and service provider, with a credit facility. Read our press release to learn more: westernalliancebancorporation.com/bridge-bank-ho… - about 4 months 3 weeks ago #technologybanking pic.twitter.com/OUj49RdD5VOur Life Sciences Group is pleased to announce an upsized term loan for Fennec Pharmaceuticals, a pharmaceutical company focused on the development of PEDMARK™ (a unique formulation of Sodium Thiosulfate) for the prevention of ototoxicity from cisplatin in pediatric patients. pic.twitter.com/zrH2JslA27Stay safe as you celebrate #IndependenceDay. REMINDER: In observance of Independence Day, all Bridge Bank offices will be closed on Friday, July 3.” pic.twitter.com/EFLG0KJ3u5Our Technology Banking Group is pleased to announce that they have recently provided a credit facility to aPriori Technologies, a leading provider of design for manufacturability and cost (#DFM/DTC) solutions. #computersoftware #technology #banking pic.twitter.com/PuTYcnKMttLast chance to join us for what is sure to be one of the most interesting economic discussions in the history of this long-standing event, featuring economist, Dr. Christopher Thornberg & SJ Deputy City Manager, Kim Walesh Register now! #sjsueconsummit event.on24.com/wcc/r/2316585/… - about 8 months 3 days ago pic.twitter.com/sqxWOiCvsZThis Memorial Day, we honor and remember those who lost their lives while serving our country. REMINDER: In observance of Memorial Day, our offices will be closed on Monday, May 25. pic.twitter.com/Ae97NsXsDaThere’s still time to join us for what is sure to be one of the most interesting economic discussions in the history of this long-standing event, featuring keynote speaker and noted economist, Dr. Christopher Thornberg. Register today! #sjsueconsummit event.on24.com/wcc/r/2316585/… - about 8 months 1 week ago pic.twitter.com/TWo0MiGjijJoin us for what is sure to be one of the most interesting economic discussions in the history of this long-standing event, featuring keynote speaker and noted economist, Dr. Christopher Thornberg. Register today! #sjsueconsummit event.on24.com/wcc/r/2316585/… - about 8 months 1 week ago pic.twitter.com/pdtYAF2XrDBridge Bank’s #LifeSciences Group is proud to partner with iCAD, a global #medical #technology leader providing #innovative cancer detection and therapy solutions. bridgebank.com/lifesciences - about 8 months 3 weeks ago pic.twitter.com/oPIrnYlOTjCongratulations, @ArcturusRx on your big announcement and the accomplishments you and your team are achieving as you work on a vaccine for COVID-19. #COVID19 #coronavirus #vaccines #LifeSciences ir.arcturusrx.com/news-releases/… - about 9 months 2 weeks agoOur #LifeSciences team is proud to provide Valencell, a company that transforms the science of wearable #biometrics to enable impactful #health outcomes, with the creative #bankingsolutions they needed. pic.twitter.com/XCmNJpaVuvOrganizations of any size are at risk of data breaches or other types of #cybercrime, but you can defend yourself against #fraud by knowing the dangers and implementing best practices whether you’re #WFH or the office. #fraudawareness #cybersecurity westernalliancebancorporation.com/bridge-bank-ho… - about 9 months 3 weeks ago pic.twitter.com/bzKAaLYRGPLearn more about the several key initiatives we’re focused on right now. #WeAreInThisTogether #covid19 #CoronaVirus westernalliancebancorporation.com/~/media/pdfs/b… - about 9 months 3 weeks ago pic.twitter.com/ssOjI7DGnXCybercriminals are using concerns about COVID-19 to perpetrate scams – learn how to defend your organization against these scams and best practices to keep your business safe. #fraudawareness #cybersecurity #fraud #cybercrime #fraudprevention #WFH westernalliancebancorporation.com/bridge-bank-ho… - about 9 months 4 weeks ago pic.twitter.com/kZo07GPhVvBridge Bank is a proud sponsor of #FVCC2020, Florida’s largest statewide #VentureCapital Conference. pic.twitter.com/9l2lOPceVROur #LifeSciences Group helped @alluriontech create a customized #financialsolution to support their rapid growth. Allurion Technologies is a #medicaldevice company and creator of the Elipse™ Balloon, a breakthrough product in weight-loss technology. pic.twitter.com/OS96djwOA8Our Life Sciences Group welcomes Derek Scalf. Also, find out how to meet with our entire team during #JPM2020 westernalliancebancorporation.com/bridge-bank-ho… - about 1 year 2 weeks agoWe wish you peace, joy, and prosperity in the new year! #happynewyear2020 NOTICE: All Bridge Bank offices will be closed on Wednesday, January 1st in observance of New Year's Day. pic.twitter.com/B8efpD0GlQREMINDER: In observance of Christmas Day, all Bridge Bank offices will be closed beginning at 3 pm on Christmas Eve and remain closed through Christmas Day. pic.twitter.com/TIP2gGLliHOur Southern California Capital Finance Group is proud to announce their most recent relationship with H Code Media, Inc., the leading technology platform offering a full suite of integrated marketing and media solutions for the U.S. Hispanic market. pic.twitter.com/n9NyyS7odbBridge Bank extends $4MM credit facility to H Code Media, Inc., the leading technology platform offering a full suite of integrated marketing and media solutions for the U.S. Hispanic market. westernalliancebancorporation.com/bridge-bank-ho… - about 1 year 1 month agoWe honor all of the men and women who have served. Thank you. #VeteransDay pic.twitter.com/EpGp17Q39kThankfully #technology works its magic on our electronic devices. We wish you the best of luck changing the clock on your microwave! #daylightsavings pic.twitter.com/9VVKbEyeYgOur Technology Banking Group is proud to announce their most recent deal with Zipari, a growth-stage #technologycompany that offers the first and only consumer experience platform built specifically for #healthinsurance. pic.twitter.com/ImSLIn2TW5Bridge Bank Extends $10MM Growth Capital Term Loan to Zipari prnewswire.com/news-releases/… - about 1 year 2 months agoWe wish everyone a fun and relaxing #LaborDay holiday weekend. REMINDER: In observance of Labor Day, all Bridge Bank offices will be closed on Monday, September 2nd. pic.twitter.com/OscfoI61Q4Our Life Sciences group is pleased to announce that Innovative Health has upsized their credit facility to $9MM. Innovative Health is committed to helping #healthcare realize the potential of medical device #reprocessing, enabling hospitals to provide better care through savings. pic.twitter.com/bMFiLdLyyM