A type of cybercrime called business email compromise (BEC) is on the rise — learn about fraud protection best practices to keep your business safe.

Getting called into the CEO’s office can be nerve-wracking. What’s even scarier is getting an email from your CEO that’s actually coming from someone else posing as him or her. That’s what sophisticated scammers are doing at an alarming—and growing—rate in a newer type of cybercrime called business email compromise (BEC).

The FBI considers BEC, which the agency defines as a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments, a serious threat. And they should. In 2018 alone, BEC was responsible for $1.2 billion in adjusted losses.

Here’s how it works. The cybercriminals compromise a business’s email system through social engineering (psychologically manipulating people to give out confidential info) or computer intrusion techniques. Once they’ve captured access to your network and email system through malware and spear-phishing (targeted) attacks, they might spend days, weeks or months becoming familiar with your company’s billing system and vendors with the end goal of conducting an unauthorized transfer of funds.

But here’s where they really take advantage: They also learn who specifically is making the payments, and they study the CEO and CFO’s travel schedule and email style. That’s so, once they’re ready to make their move, they can impersonate that person to authorize a payment.

Protect Your Payment System
There are a variety of best practices to circumvent BEC, but one of the basics is to talk face-to-face or to pick up the phone to confirm the request. Yes, email is simpler and faster, but if there’s ever a question about a transaction, don’t rely on email alone.

As with any online crime, raising awareness and providing employee education are essential first steps. Here are a few safeguards to share with your staff:

  • Confirm changes. Whether it’s initiating a payment, transferring funds or updating vendor information, policies that require two-factor authentication or a secondary sign-off by another employee can provide extra protection and prompt a double-check of each change request.
  • Flag the unfamiliar. You can use email rules and intrusion detection system rules to flag emails that don’t have quite the right extension or construction. For example, if your company uses firstname.lastname@company.com, set up a flag for firstname-lastname@company.com or firstname_lastname@company.com. You also can flag incoming emails that have a different “from” and “reply to” address.
  • Identify internal and external. Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another in employees’ inboxes.

If You’ve Been Compromised
First, understand that these are sophisticated scammers, and they are having a lot of success against a lot of companies. In fact, the Association for Financial Professionals, which has been tracking BEC for the past few years, reports:

  • Approximately 80% of companies have been impacted, up from 64% in 2015.
  • There’s been a 136% increase in identified global exposed dollar losses.
  • BEC has been reported in all 50 states and in 150 countries.

If your company has been a victim of BEC, act quickly. The first step is to contact the originating financial institution to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Next, contact the FBI’s Internet Crime Complaint Center and file a complaint.

Download a Bridge Bank Fraud Prevention Checklist to avoid BEC Scams.

About Us
ABOUT BRIDGE BANK

Bridge Bank, a division of Western Alliance Bank, Member FDIC, helps business clients realize their ambitions. Founded in 2001 in Silicon Valley, Bridge Bank offers a better way to bank for small-market and middle-market businesses across many industries, as well as emerging technology companies and the private equity community. Geared to serving both venture-backed and non-venture-backed companies, Bridge Bank delivers a broad scope of financial solutions including capital, equipment and working capital credit facilities, venture debt, treasury management, asset-based lending, SBA and commercial real estate loans, ESOP finance and a full line of international products and services. Based in San Jose, Bridge Bank has 16 offices in major markets across the country along with Western Alliance Bank’s powerful array of specialized financial services. Western Alliance Bank is the primary subsidiary of Phoenix-based Western Alliance Bancorporation. One of the country’s top-performing banking companies, Western Alliance has ranked in the top 10 on the Forbes “Best Banks in America” list for five consecutive years, 2016-2020, and was named #1 best-performing of the 50 largest public U.S. banks for 2019 by S&P Global Market Intelligence.

  • Recent News
    Bridge Bank company logo red black and white
    CloudBolt Announces $35 Million in Series B Funding
    Bridge Bank company logo red black and white
    Bridge Bank Hires Tech Banker Jon Berry, Builds on Growth Momentum in Austin
    Bridge Bank company logo red black and white
    Bridge Bank Expands Equity Fund Resources Group Hires Dragomir Sipovic, Vice President
    Bridge Bank company logo red black and white
    Bridge Bank Extends $2MM Credit Facility to Miva, Inc.
    Bridge Bank company logo red black and white
    Bridge Bank Extends Venture Term Loan to Deep Lens, Inc.
  • Recent Insights
    Leaving LIBOR
    Leaving LIBOR: 4 things to know about changing interest rate benchmarks
    california-2020
    Regional Intelligence Report Series: California Outlook
    south-bay-2020
    Regional Intelligence Report Series: South Bay Outlook
    CybersecuirtyWebinarInsight Article324x259819
    Protect Your Data: The Cybersecurity Webinar
    Protect Your Organization Against Data Breaches and Cybercrime Scams
  • Get Started