BBB serving Central East Texas advises businesses to be aware of Business Email Compromise (BEC) scams that have stolen sensitive employee information and cost businesses across the U.S. millions of dollars. A BEC is a sophisticated scam which targets businesses who work with foreign suppliers and/or businesses which regularly perform wire transfer payments.
The schemes typically involve phony or “spoofed” email instructions that appear to be from high-ranking company officials, often a CEO. The emails instruct employees to wire cash or provide information such as W-2 wage and tax statements. The schemes target a wide variety of businesses, from large corporations to small businesses to nonprofit groups.
The FBI has identified several variants of BEC. In March, the FBI reported worldwide losses of over $5.3 billion to BEC wire transfer schemes from October 2013 through December of 2016, mostly to U.S. businesses. More than 22,000 BEC U.S. victim complaints were reported to the IC3 during this period.
In each of these cases, thieves use publicly available information to research the target organization, tailoring the spoofed or faked email to make it appear that it came from a company executive. Not wanting to challenge an executive, the employee often complies with the emailed request.
“Several East Texas School Districts have fallen prey in the past, so all organizations are vulnerable”, said Mechele Agbayani Mills, President and CEO of BBB Serving Central East Texas. “Making sure your staff is aware of the red flags can minimize your business’ chance of becoming victimized.”
The following are typical scenarios for BEC scams:
A thief posing as an executive uses a fake email to ask that a large wire transfer, sometimes exceeding $100,000, be wired immediately as part of a time-sensitive business acquisition. It is not until after the money is sent that the company realizes it was the victim of a scam and the money is gone.
A criminal posing as an executive emails the human resources or business’ payroll department, asking that it send W-2 copies of employees’ wage and tax statements from the previous year. A department employee immediately complies, unwittingly sending the information to the thieves, who then may use the information to conduct identity fraud.
The following tips can help companies protect themselves from the schemes:
- Ramp up prevention efforts in the form of fraud awareness training for employees and robust technical prevention controls.
- Create a solid business continuity plan in the event of a BEC scam.
- Confirm all requests for fund transfers. When verifying by phone, use known phone numbers, not numbers provided by the email request.
- Carefully scrutinize all email requests for fund transfers or sensitive employee information to determine whether they are legitimate. For instance, review the “Reply To” to ensure the email address is actually from your organization. Be aware of lookalike domains.
- Review email logs, with automated tools if possible, looking for potentially suspicious fake “executive” emails from free email service providers.
- If you are victimized in a wire transfer scheme, contact your financial institution as soon as you learn of the theft.
- Contact your local FBI office if you detect the wire transfer scheme quickly. Contact the IRS if you learn that tax information has been compromised.
- File a complaint at www.IC3.gov.
For additional resources on how to build a better business and to find out how to network with other businesses, go to bbb.org.