How To Sidestep A Business Email Compromise Scam
Getting called into the CEO’s office can be nerve-wracking. What’s even scarier is getting an email from your CEO that’s actually coming from someone else posing as him or her. That’s what sophisticated scammers are doing at an alarming—and growing—rate in a newer type of cybercrime called business email compromise (BEC).
The FBI considers BEC, which the agency defines as a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments, a serious threat. And they should. In 2018 alone, BEC was responsible for $1.2 billion in adjusted losses.
Here’s how it works. The cybercriminals compromise a business’s email system through social engineering (psychologically manipulating people to give out confidential info) or computer intrusion techniques. Once they’ve captured access to your network and email system through malware and spear-phishing (targeted) attacks, they might spend days, weeks or months becoming familiar with your company’s billing system and vendors with the end goal of conducting an unauthorized transfer of funds.
But here’s where they really take advantage: They also learn who specifically is making the payments, and they study the CEO and CFO’s travel schedule and email style. That’s so, once they’re ready to make their move, they can impersonate that person to authorize a payment.
Protect Your Payment System
There are a variety of best practices to circumvent BEC, but one of the basics is to talk face-to-face or to pick up the phone to confirm the request. Yes, email is simpler and faster, but if there’s ever a question about a transaction, don’t rely on email alone.
As with any online crime, raising awareness and providing employee education are essential first steps. Here are a few safeguards to share with your staff:
- Confirm changes. Whether it’s initiating a payment, transferring funds or updating vendor information, policies that require two-factor authentication or a secondary sign-off by another employee can provide extra protection and prompt a double-check of each change request.
- Flag the unfamiliar. You can use email rules and intrusion detection system rules to flag emails that don’t have quite the right extension or construction. For example, if your company uses firstname.lastname@example.org, set up a flag for email@example.com or firstname.lastname@example.org. You also can flag incoming emails that have a different “from” and “reply to” address.
- Identify internal and external. Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another in employees’ inboxes.
If You’ve Been Compromised
First, understand that these are sophisticated scammers, and they are having a lot of success against a lot of companies. In fact, the Association for Financial Professionals, which has been tracking BEC for the past few years, reports:
- Approximately 80% of companies have been impacted, up from 64% in 2015.
- There’s been a 136% increase in identified global exposed dollar losses.
- BEC has been reported in all 50 states and in 150 countries.
If your company has been a victim of BEC, act quickly. The first step is to contact the originating financial institution to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Next, contact the FBI’s Internet Crime Complaint Center and file a complaint.
Download a Bridge Bank Fraud Prevention Checklist to avoid BEC Scams.
Bridge Bank, a division of Western Alliance Bank, Member FDIC, helps business clients realize their ambitions. Founded in 2001 in Silicon Valley, Bridge Bank offers a better way to bank for small-market and middle-market businesses across many industries, as well as emerging technology companies and the private equity community. Geared to serving both venture-backed and non-venture-backed companies, Bridge Bank delivers a broad scope of financial solutions including capital, equipment and working capital credit facilities, venture debt, treasury management, asset-based lending, SBA and commercial real estate loans, ESOP finance and a full line of international products and services. Based in San Jose, Bridge Bank has 16 offices in major markets across the country along with Western Alliance Bank’s powerful array of specialized financial services. Western Alliance Bank is the primary subsidiary of Phoenix-based Western Alliance Bancorporation. One of the country’s top-performing banking companies, Western Alliance has ranked in the top 10 on the Forbes “Best Banks in America” list for five consecutive years, 2016-2020, and was named #1 best-performing of the 50 largest public U.S. banks for 2019 by S&P Global Market Intelligence.
Recent NewsBridge Bank Extends $2MM Credit Facility to Miva, Inc.Bridge Bank Extends Venture Term Loan to Deep Lens, Inc.Bridge Bank Expands Capital Finance Group with New Managing Director Timothy CarstensSan José State University Economic Summit Presented by Bridge Bank Goes VirtualBridge Bank Extends Credit Facility to YES Leasing
Recent InsightsLeaving LIBOR: 4 things to know about changing interest rate benchmarksRegional Intelligence Report Series: California OutlookRegional Intelligence Report Series: South Bay OutlookProtect Your Data: The Cybersecurity WebinarProtect Your Organization Against Data Breaches and Cybercrime Scams
In observance of Columbus Day, all Bridge Bank offices will be closed on Monday, October 12. pic.twitter.com/BtX52D5RTPWe wish everyone a safe and relaxing #LaborDay holiday weekend. REMINDER: In observance of Labor Day, all Bridge Bank offices will be closed on Monday, September pic.twitter.com/09SIuoO7XGOur Technology Banking Group recently provided MIVA, an #ecommerce #software and service provider, with a credit facility. Read our press release to learn more: westernalliancebancorporation.com/bridge-bank-ho… - about 1 month 2 weeks ago #technologybanking pic.twitter.com/OUj49RdD5VOur Life Sciences Group is pleased to announce an upsized term loan for Fennec Pharmaceuticals, a pharmaceutical company focused on the development of PEDMARK™ (a unique formulation of Sodium Thiosulfate) for the prevention of ototoxicity from cisplatin in pediatric patients. pic.twitter.com/zrH2JslA27Stay safe as you celebrate #IndependenceDay. REMINDER: In observance of Independence Day, all Bridge Bank offices will be closed on Friday, July 3.” pic.twitter.com/EFLG0KJ3u5Our Technology Banking Group is pleased to announce that they have recently provided a credit facility to aPriori Technologies, a leading provider of design for manufacturability and cost (#DFM/DTC) solutions. #computersoftware #technology #banking pic.twitter.com/PuTYcnKMttLast chance to join us for what is sure to be one of the most interesting economic discussions in the history of this long-standing event, featuring economist, Dr. Christopher Thornberg & SJ Deputy City Manager, Kim Walesh Register now! #sjsueconsummit event.on24.com/wcc/r/2316585/… - about 4 months 4 weeks ago pic.twitter.com/sqxWOiCvsZThis Memorial Day, we honor and remember those who lost their lives while serving our country. REMINDER: In observance of Memorial Day, our offices will be closed on Monday, May 25. pic.twitter.com/Ae97NsXsDaThere’s still time to join us for what is sure to be one of the most interesting economic discussions in the history of this long-standing event, featuring keynote speaker and noted economist, Dr. Christopher Thornberg. Register today! #sjsueconsummit event.on24.com/wcc/r/2316585/… - about 5 months 3 days ago pic.twitter.com/TWo0MiGjijJoin us for what is sure to be one of the most interesting economic discussions in the history of this long-standing event, featuring keynote speaker and noted economist, Dr. Christopher Thornberg. Register today! #sjsueconsummit event.on24.com/wcc/r/2316585/… - about 5 months 5 days ago pic.twitter.com/pdtYAF2XrDBridge Bank’s #LifeSciences Group is proud to partner with iCAD, a global #medical #technology leader providing #innovative cancer detection and therapy solutions. bridgebank.com/lifesciences - about 5 months 2 weeks ago pic.twitter.com/oPIrnYlOTjCongratulations, @ArcturusRx on your big announcement and the accomplishments you and your team are achieving as you work on a vaccine for COVID-19. #COVID19 #coronavirus #vaccines #LifeSciences ir.arcturusrx.com/news-releases/… - about 6 months 1 week agoOur #LifeSciences team is proud to provide Valencell, a company that transforms the science of wearable #biometrics to enable impactful #health outcomes, with the creative #bankingsolutions they needed. pic.twitter.com/XCmNJpaVuvOrganizations of any size are at risk of data breaches or other types of #cybercrime, but you can defend yourself against #fraud by knowing the dangers and implementing best practices whether you’re #WFH or the office. #fraudawareness #cybersecurity westernalliancebancorporation.com/bridge-bank-ho… - about 6 months 2 weeks ago pic.twitter.com/bzKAaLYRGPLearn more about the several key initiatives we’re focused on right now. #WeAreInThisTogether #covid19 #CoronaVirus westernalliancebancorporation.com/~/media/pdfs/b… - about 6 months 3 weeks ago pic.twitter.com/ssOjI7DGnXCybercriminals are using concerns about COVID-19 to perpetrate scams – learn how to defend your organization against these scams and best practices to keep your business safe. #fraudawareness #cybersecurity #fraud #cybercrime #fraudprevention #WFH westernalliancebancorporation.com/bridge-bank-ho… - about 6 months 3 weeks ago pic.twitter.com/kZo07GPhVvBridge Bank is a proud sponsor of #FVCC2020, Florida’s largest statewide #VentureCapital Conference. pic.twitter.com/9l2lOPceVROur #LifeSciences Group helped @alluriontech create a customized #financialsolution to support their rapid growth. Allurion Technologies is a #medicaldevice company and creator of the Elipse™ Balloon, a breakthrough product in weight-loss technology. pic.twitter.com/OS96djwOA8Our Life Sciences Group welcomes Derek Scalf. Also, find out how to meet with our entire team during #JPM2020 westernalliancebancorporation.com/bridge-bank-ho… - about 9 months 2 weeks agoWe wish you peace, joy, and prosperity in the new year! #happynewyear2020 NOTICE: All Bridge Bank offices will be closed on Wednesday, January 1st in observance of New Year's Day. pic.twitter.com/B8efpD0GlQREMINDER: In observance of Christmas Day, all Bridge Bank offices will be closed beginning at 3 pm on Christmas Eve and remain closed through Christmas Day. pic.twitter.com/TIP2gGLliHOur Southern California Capital Finance Group is proud to announce their most recent relationship with H Code Media, Inc., the leading technology platform offering a full suite of integrated marketing and media solutions for the U.S. Hispanic market. pic.twitter.com/n9NyyS7odbBridge Bank extends $4MM credit facility to H Code Media, Inc., the leading technology platform offering a full suite of integrated marketing and media solutions for the U.S. Hispanic market. westernalliancebancorporation.com/bridge-bank-ho… - about 10 months 1 week agoWe honor all of the men and women who have served. Thank you. #VeteransDay pic.twitter.com/EpGp17Q39kThankfully #technology works its magic on our electronic devices. We wish you the best of luck changing the clock on your microwave! #daylightsavings pic.twitter.com/9VVKbEyeYgOur Technology Banking Group is proud to announce their most recent deal with Zipari, a growth-stage #technologycompany that offers the first and only consumer experience platform built specifically for #healthinsurance. pic.twitter.com/ImSLIn2TW5Bridge Bank Extends $10MM Growth Capital Term Loan to Zipari prnewswire.com/news-releases/… - about 11 months 4 weeks agoWe wish everyone a fun and relaxing #LaborDay holiday weekend. REMINDER: In observance of Labor Day, all Bridge Bank offices will be closed on Monday, September 2nd. pic.twitter.com/OscfoI61Q4Our Life Sciences group is pleased to announce that Innovative Health has upsized their credit facility to $9MM. Innovative Health is committed to helping #healthcare realize the potential of medical device #reprocessing, enabling hospitals to provide better care through savings. pic.twitter.com/bMFiLdLyyMHappy birthday, #America! Your friends at Bridge Bank wish everyone a safe and joyous celebration. REMINDER: In observance of #IndependenceDay2019, our offices will be closed on Thursday, July 4. pic.twitter.com/twQjmCVei1We would like to congratulate our client, @KIXEYE , on their recent acquisition by Stillfront. Kixeye is a leading gaming developer that makes games for gamers by gamers. Their hit titles include Battle Pirates, War Commander, and VEGA Conflict. pic.twitter.com/9RpoQ7zL13This Memorial Day, we honor and remember those who lost their lives while serving our country. REMINDER: In observance of Memorial Day, our offices will be closed on Monday, May 27. pic.twitter.com/QNA7r5hpv4We are beaming with pride in recognizing this amazing accomplishment of our client, Jessie Wooley-Wilson, CEO of @DreamBox_Learn. Congratulations, @jessieww, on winning the Big Tech CEO of the Year Award at the 2019 GeekWire Awards! #DreamBox youtu.be/WRHuuyPSAfg - about 1 year 5 months agoOur Technology banking group is pleased to announce their latest banking relationship with Touch of Modern, the leading e-commerce app for men to discover cutting edge products, and named one of the 500 fastest growing companies in America by the Inc. 5000 two years in a row. pic.twitter.com/4HfbJVYJaZ