How To Sidestep A Business Email Compromise Scam
Getting called into the CEO’s office can be nerve-wracking. What’s even scarier is getting an email from your CEO that’s actually coming from someone else posing as him or her. That’s what sophisticated scammers are doing at an alarming—and growing—rate in a newer type of cybercrime called business email compromise (BEC).
The FBI considers BEC, which the agency defines as a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments, a serious threat. And they should. In 2018 alone, BEC was responsible for $1.2 billion in adjusted losses.
Here’s how it works. The cybercriminals compromise a business’s email system through social engineering (psychologically manipulating people to give out confidential info) or computer intrusion techniques. Once they’ve captured access to your network and email system through malware and spear-phishing (targeted) attacks, they might spend days, weeks or months becoming familiar with your company’s billing system and vendors with the end goal of conducting an unauthorized transfer of funds.
But here’s where they really take advantage: They also learn who specifically is making the payments, and they study the CEO and CFO’s travel schedule and email style. That’s so, once they’re ready to make their move, they can impersonate that person to authorize a payment.
Protect Your Payment System
There are a variety of best practices to circumvent BEC, but one of the basics is to talk face-to-face or to pick up the phone to confirm the request. Yes, email is simpler and faster, but if there’s ever a question about a transaction, don’t rely on email alone.
As with any online crime, raising awareness and providing employee education are essential first steps. Here are a few safeguards to share with your staff:
- Confirm changes. Whether it’s initiating a payment, transferring funds or updating vendor information, policies that require two-factor authentication or a secondary sign-off by another employee can provide extra protection and prompt a double-check of each change request.
- Flag the unfamiliar. You can use email rules and intrusion detection system rules to flag emails that don’t have quite the right extension or construction. For example, if your company uses firstname.lastname@example.org, set up a flag for email@example.com or firstname.lastname@example.org. You also can flag incoming emails that have a different “from” and “reply to” address.
- Identify internal and external. Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another in employees’ inboxes.
If You’ve Been Compromised
First, understand that these are sophisticated scammers, and they are having a lot of success against a lot of companies. In fact, the Association for Financial Professionals, which has been tracking BEC for the past few years, reports:
- Approximately 80% of companies have been impacted, up from 64% in 2015.
- There’s been a 136% increase in identified global exposed dollar losses.
- BEC has been reported in all 50 states and in 150 countries.
If your company has been a victim of BEC, act quickly. The first step is to contact the originating financial institution to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Next, contact the FBI’s Internet Crime Complaint Center and file a complaint.
Download a Bridge Bank Fraud Prevention Checklist to avoid BEC Scams.
Bridge Bank, a division of Western Alliance Bank, Member FDIC, helps business clients realize their growth ambitions. Founded in 2001 in Silicon Valley, Bridge Bank offers a better way to bank for small-market and middle-market businesses across many industries, as well as emerging technology companies and the private equity community. Geared to serving both venture-backed and non-venture-backed companies, Bridge Bank delivers a broad scope of financial solutions including growth capital, equipment and working capital credit facilities, venture debt, treasury management, asset-based lending, SBA and commercial real estate loans, ESOP finance and a full line of international products and services. Based in San Jose, Bridge Bank has 16 offices in major markets across the country along with Western Alliance Bank’s powerful array of specialized financial services. Western Alliance Bank is the primary subsidiary of Phoenix-based Western Alliance Bancorporation. One of the country’s top-performing banking companies, Western Alliance has ranked in the top 10 on the Forbes “Best Banks in America” list for five consecutive years, 2016-2020.
Recent NewsBridge Bank Extends $10MM Senior Loan to AuraBridge Bank's Life Sciences Group Expands in San Francisco Bay Area, Hires Derek ScalfBridge Bank Extends $4MM Credit Facility to H Code Media, Inc.Lauren Cosentino to Lead New Business Growth in the Southeast, Mid-Atlantic and Midwest Regions for Bridge Bank's Life Sciences GroupBridge Bank Extends $4MM Senior Debt Facility to Factor 75 LLC
Recent InsightsProtect Your Organization Against Data Breaches and Cybercrime ScamsFight Payment Fraud Within Your OrganizationSafeguard Your Business Against Bank FraudHow To Sidestep A Business Email Compromise ScamRegional Intelligence Report Series: The South Bay & Silicon Valley
Learn more about the several key initiatives we’re focused on right now. #WeAreInThisTogether #covid19 #CoronaVirus westernalliancebancorporation.com/~/media/pdfs/b… - yesterday pic.twitter.com/ssOjI7DGnXCybercriminals are using concerns about COVID-19 to perpetrate scams – learn how to defend your organization against these scams and best practices to keep your business safe. #fraudawareness #cybersecurity #fraud #cybercrime #fraudprevention #WFH westernalliancebancorporation.com/bridge-bank-ho… - 4 days pic.twitter.com/kZo07GPhVvBridge Bank is a proud sponsor of #FVCC2020, Florida’s largest statewide #VentureCapital Conference. pic.twitter.com/9l2lOPceVROur #LifeSciences Group helped @alluriontech create a customized #financialsolution to support their rapid growth. Allurion Technologies is a #medicaldevice company and creator of the Elipse™ Balloon, a breakthrough product in weight-loss technology. pic.twitter.com/OS96djwOA8Our Life Sciences Group welcomes Derek Scalf. Also, find out how to meet with our entire team during #JPM2020 westernalliancebancorporation.com/bridge-bank-ho… - about 2 months 4 weeks agoWe wish you peace, joy, and prosperity in the new year! #happynewyear2020 NOTICE: All Bridge Bank offices will be closed on Wednesday, January 1st in observance of New Year's Day. pic.twitter.com/B8efpD0GlQREMINDER: In observance of Christmas Day, all Bridge Bank offices will be closed beginning at 3 pm on Christmas Eve and remain closed through Christmas Day. pic.twitter.com/TIP2gGLliHOur Southern California Capital Finance Group is proud to announce their most recent relationship with H Code Media, Inc., the leading technology platform offering a full suite of integrated marketing and media solutions for the U.S. Hispanic market. pic.twitter.com/n9NyyS7odbBridge Bank extends $4MM credit facility to H Code Media, Inc., the leading technology platform offering a full suite of integrated marketing and media solutions for the U.S. Hispanic market. westernalliancebancorporation.com/bridge-bank-ho… - about 3 months 2 weeks agoWe honor all of the men and women who have served. Thank you. #VeteransDay pic.twitter.com/EpGp17Q39kThankfully #technology works its magic on our electronic devices. We wish you the best of luck changing the clock on your microwave! #daylightsavings pic.twitter.com/9VVKbEyeYgOur Technology Banking Group is proud to announce their most recent deal with Zipari, a growth-stage #technologycompany that offers the first and only consumer experience platform built specifically for #healthinsurance. pic.twitter.com/ImSLIn2TW5Bridge Bank Extends $10MM Growth Capital Term Loan to Zipari prnewswire.com/news-releases/… - about 5 months 1 week agoWe wish everyone a fun and relaxing #LaborDay holiday weekend. REMINDER: In observance of Labor Day, all Bridge Bank offices will be closed on Monday, September 2nd. pic.twitter.com/OscfoI61Q4Our Life Sciences group is pleased to announce that Innovative Health has upsized their credit facility to $9MM. Innovative Health is committed to helping #healthcare realize the potential of medical device #reprocessing, enabling hospitals to provide better care through savings. pic.twitter.com/bMFiLdLyyMHappy birthday, #America! Your friends at Bridge Bank wish everyone a safe and joyous celebration. REMINDER: In observance of #IndependenceDay2019, our offices will be closed on Thursday, July 4. pic.twitter.com/twQjmCVei1We would like to congratulate our client, @KIXEYE , on their recent acquisition by Stillfront. Kixeye is a leading gaming developer that makes games for gamers by gamers. Their hit titles include Battle Pirates, War Commander, and VEGA Conflict. pic.twitter.com/9RpoQ7zL13This Memorial Day, we honor and remember those who lost their lives while serving our country. REMINDER: In observance of Memorial Day, our offices will be closed on Monday, May 27. pic.twitter.com/QNA7r5hpv4We are beaming with pride in recognizing this amazing accomplishment of our client, Jessie Wooley-Wilson, CEO of @DreamBox_Learn. Congratulations, @jessieww, on winning the Big Tech CEO of the Year Award at the 2019 GeekWire Awards! #DreamBox youtu.be/WRHuuyPSAfg - about 11 months 1 day agoOur Technology banking group is pleased to announce their latest banking relationship with Touch of Modern, the leading e-commerce app for men to discover cutting edge products, and named one of the 500 fastest growing companies in America by the Inc. 5000 two years in a row. pic.twitter.com/4HfbJVYJaZOur technology banking group is pleased to announce their latest client relationship with @humanyze, a company that has used breakthroughs in #datascience, #AI, and #machinelearning and built organizational metrics and an analytics software platform for global 1000 companies. pic.twitter.com/zayjjFTcX3“We would like to #congratulate our client, @geteero , on their recent acquisition by @amazon. @geteero is the company that built the first home Wi-Fi system to blanket your home in fast, secure, and reliable Wi-Fi.” pic.twitter.com/Mr9NkHNnHJBridge Bank is a proud sponsor of this week’s #WomensPESummit (Mar. 13-15), which will be bringing together over 550 #privateequity and #venturecapitalists for powerful discussions and uninterrupted networking.NOTICE: All Bridge Bank offices will be closed on Monday, February 18 in observance of #PresidentsDay pic.twitter.com/TDy6fglKMF“Our Life Sciences Group is pleased to announce their latest transaction with @VeranMedical. Veran helps doctors in the early detection of lung cancer and provides precision guidance to deliver potentially lifesaving therapy.” pic.twitter.com/kdE4kjlsYk"Faith is taking the first step even when you don't see the whole staircase." ~Martin Luther King Jr. #MLK NOTICE: All Bridge Bank offices will be closed on Monday, January 21st in observance of Martin Luther King Jr. Day. pic.twitter.com/iLTBf6IuxeOur Life Sciences Group will be in San Francisco, during the JP Morgan Healthcare Conference #JPM19, the epicenter of where healthcare kicks off and sets the tone for the year. To learn more about how we help the life sciences community, visit bridgebank.com/lifesciences - about 1 year 3 months ago#HappyNewYear! We wish you peace, joy, and prosperity in 2019. NOTICE: All Bridge Bank offices will be closed on January 1st in observance of New Year's Day. pic.twitter.com/rMJXOSDmMd