A type of cybercrime called business email compromise (BEC) is on the rise — learn about fraud protection best practices to keep your business safe.

Getting called into the CEO’s office can be nerve-wracking. What’s even scarier is getting an email from your CEO that’s actually coming from someone else posing as him or her. That’s what sophisticated scammers are doing at an alarming—and growing—rate in a newer type of cybercrime called business email compromise (BEC).

The FBI considers BEC, which the agency defines as a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments, a serious threat. And they should. In 2018 alone, BEC was responsible for $1.2 billion in adjusted losses.

Here’s how it works. The cybercriminals compromise a business’s email system through social engineering (psychologically manipulating people to give out confidential info) or computer intrusion techniques. Once they’ve captured access to your network and email system through malware and spear-phishing (targeted) attacks, they might spend days, weeks or months becoming familiar with your company’s billing system and vendors with the end goal of conducting an unauthorized transfer of funds.

But here’s where they really take advantage: They also learn who specifically is making the payments, and they study the CEO and CFO’s travel schedule and email style. That’s so, once they’re ready to make their move, they can impersonate that person to authorize a payment.

Protect Your Payment System
There are a variety of best practices to circumvent BEC, but one of the basics is to talk face-to-face or to pick up the phone to confirm the request. Yes, email is simpler and faster, but if there’s ever a question about a transaction, don’t rely on email alone.

As with any online crime, raising awareness and providing employee education are essential first steps. Here are a few safeguards to share with your staff:

  • Confirm changes. Whether it’s initiating a payment, transferring funds or updating vendor information, policies that require two-factor authentication or a secondary sign-off by another employee can provide extra protection and prompt a double-check of each change request.
  • Flag the unfamiliar. You can use email rules and intrusion detection system rules to flag emails that don’t have quite the right extension or construction. For example, if your company uses [email protected], set up a flag for [email protected] or [email protected]. You also can flag incoming emails that have a different “from” and “reply to” address.
  • Identify internal and external. Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another in employees’ inboxes.

If You’ve Been Compromised
First, understand that these are sophisticated scammers, and they are having a lot of success against a lot of companies. In fact, the Association for Financial Professionals, which has been tracking BEC for the past few years, reports:

  • Approximately 80% of companies have been impacted, up from 64% in 2015.
  • There’s been a 136% increase in identified global exposed dollar losses.
  • BEC has been reported in all 50 states and in 150 countries.

If your company has been a victim of BEC, act quickly. The first step is to contact the originating financial institution to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Next, contact the FBI’s Internet Crime Complaint Center and file a complaint.

Download a Bridge Bank Fraud Prevention Checklist to avoid BEC Scams.

About Us

Bridge Bank, a division of Western Alliance Bank, Member FDIC, helps business clients realize their ambitions. Founded in 2001 in Silicon Valley, Bridge Bank offers a better way to bank for small- to mid-market businesses across many industries, as well as emerging technology companies and the private equity community. Geared to serving both venture-backed and non-venture-backed companies, Bridge Bank delivers a broad scope of financial solutions including capital, equipment and working capital credit facilities, venture debt, treasury management, asset-based lending, SBA and commercial real estate loans, ESOP finance and a full line of international products and services. Based in San Jose, Bridge Bank has 16 offices in major markets across the country along with Western Alliance Bank’s powerful array of specialized financial services. Western Alliance Bank is the primary subsidiary of Phoenix-based Western Alliance Bancorporation, with more than $50 billion in assets. Western Alliance is again #1 best-performing of the 50 largest public U.S. banks in the new S&P Global Market Intelligence listing for 2020 and ranks high on the Forbes “Best Banks in America” list year after year.

  • Recent News
    Bridge Bank company logo red black and white
    Bridge Bank Issues $4 Million Line of Credit to Ride Health
    Bridge Bank company logo red black and white
    Bridge Bank Expands Business Escrow Services, Adding Leaders in Multiple Markets Nationwide
    Bridge Bank company logo red black and white
    Bridge Bank Issues $10 Million Asset-based Line of Credit to Shippabo
    Bridge Bank company logo red black and white
    Bridge Bank Increases YES Leasing's Credit Facility
    Bridge Bank company logo red black and white
    Bridge Bank Extends a $5 Million Monthly Recurring Revenue Line of Credit Facility to One Medical Passport
  • Recent Insights
    Woman looking at computer interested
    As LIBOR Exits, Opt to Choose One of Three Rate Options
    Looking to Optimize Your Banking Relationship?
    Rising Inflation, How Worried Should We Be?
    Protect Your Business and iPhone from Cybersecurity Attacks
    Bridge Bank’s Syndication Capabilities Helps Clients Grow
  • Get Started