Defend Against BEC: Tips to Protect Your Business [Bonus BEC Reporting Info]

Business Email Compromise (BEC) can happen to any company. Fraudsters target businesses of all types and sizes by infiltrating their email servers using different hacking schemes and malware.  Through research and email monitoring, they typically target specific individuals within the company that are authorized to transfer funds.  

Fraudsters use this knowledge to email the targeted employee a personalized message with details disguised as regular correspondence. Often, the email appears to be sent from someone within the company or from someone the employee has a history of email correspondence. The goal is to trick the employee into believing they are opening the email from a trusted source and to follow the requests to transfer money to a nonlegitimate account. Ultimately resulting in a loss for the business. 

"According to the 2023 FBI Internet Crime Report, BEC attack victims in the U.S.
reported more than $2.9 billion in losses."

BEC attacks use legitimate email accounts and IP addresses that aren't flagged or blocked by standard email servers. Though they can be hard to detect, you can take steps to prevent them from happening to your business. Read below to learn how to prevent and spot BEC attempts and how to report them if they happen to you.

Protect Your Business:

Don't let your business be a victim of BEC.  Here's what you can do to avoid it from happening inside your company:

• Educate your employees to serve as the first line of defense by training them and creating Standard Operating Procedures for sending wire transfers.
  • Teach employees how to identify scams (see next section.)
  • Establish verification methods for all email requests to verify the person is authentic and not an imposter. Employees should never use a phone number provided by the person sending the request.
  • Set up an internal protocol requiring a secondary internal authorization for all transfers.
  • Make it harder for the bad guys to gain access; require employees to use multi-factor authentication before sending wire transfer requests.
  • Provide employees with guidance on how to report a suspected incident.
    
    
• Make sure your systems can defend against the latest threats. Ensure your email servers, anti-virus software, and other security tools are running the latest software updates.

How to Spot a Business Email Compromise

When opening or acting upon an email, look out for the common red flags below.

#1 Rule of Thumb:
If you suspect anything, confirm with the email sender through another channel, such as a phone call or text, using the information in your records—not what they provide!

🚩 Suspicious Email Address or Request From Sender

Emails that look familiar but are slightly altered should be approached with care. Look at the actual email address, not just what the sender displays.

🚩 Scammers Pretend To Be Someone You Trust

Don't use the information they provide to confirm their identity. If the email is from within your company or a known individual and the request looks suspicious, pick up the phone or place a video call to verify. Make sure you use the contact information in your records. Attackers can infiltrate and access legitimate emails.

🚩 Generic Greetings, Signatures, Unusual Language, and Layout

Along with spelling errors, poor or awkward grammar and content layout, a generic greeting such as "Dear Sir or Madam" is a warning sign.

🚩 Fraudulent Hyperlinks or Attachments

Look closely at links or attachments before clicking, as they may contain viruses or malware. Hover over links to inspect the URL and only open attachments you expect AFTER verifying the email address.

🚩 Sense of Urgency

Don't be pressured into taking immediate action. Scammers want to distract you from confirming their story or verifying their identity. It's worth taking extra time to call the individual to ensure the request is legit.

🚩 Updated or Last-minute Changes to Wiring Instructions

Changes to where funds are to be dispersed should set off an alarm.  Requests to wire funds to a different account or bank other than stated initially should be verified.  Never act on any last-minute changes without confirming the change request.

Report BEC Immediately:

If your business's email becomes compromised, take the following actions immediately: 

• File a complaint with the FBI's Internet Crime Complaint Center (IC3).  The complaint must contain all required data, including banking information. For more information on the complaint process, check out the IC3 Complaint FAQs.  This online form is available 24/7.
  
  Regardless of the amount lost, filing a complaint with the IC3 is important as it can assist the financial institution and law enforcement with potential recovery efforts.

• Contact the originating Financial Institution (FI) to request a funds reversal.
  
  
• If the originating FI cannot reverse the funds, contact the FI to where the funds were sent and request a refund. Different financial institutions have varying policies, so it is important to know what assistance your financial institution provides when attempting to recover funds.  NOTE: They will need verification of the fraud, so filing a BEC Complaint with the FBI is important.