Business Email Compromise Scams

Did you know…

  • In 2016, an Austrian aerospace firm was defrauded of $42 million.
  • In 2017, Save the Children USA was the victim of a $1 million scam.
  • In 2019, a Toyota subsidiary suffered a loss of $37 million.

What caused these significant losses? The rise of Business Email Compromise scams.

What are Business Email Compromise Scams?

Business Email Compromise Scams, also referred to as BECs, occur when a scammer uses computer intrusion or social engineering to send emails that induce victims to initiate wire transfers or disclose personal information. These types of scams mostly target businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. Scammers typically direct wire transfers abroad to foreign banks, such as those in China and Hong Kong. However, scammers have also used US bank accounts, doing so through money mules.

Per the FBI, there are five types of BEC scams, including:

  • Bogus Invoice Schemes
  • CEO fraud
  • Account Compromise
  • Attorney Impersonation
  • Data theft

Who are the Victims?

Victims can range from small to large businesses that may purchase or supply a variety of goods, such as textiles, furniture, food or pharmaceuticals. The scam impacts both ends of the supply chain, as supplies and money can be lost and business relationships damaged.

Victims of BEC scams often receive “phishing emails” requesting additional details of the business or targeted individuals prior to the actual BEC scam. These emails appear to be sent from a legitimate sender and typically instruct the recipient to click a link and share specific information. The email may also contain a link or attachment that will install malware when clicked or downloaded.

How Do You Avoid the BEC Trap?

Below are some ways to protect your business or yourself from these types of scams:

  • Avoid free web-based email; establish a company website domain.
  • Be cognizant and careful about what personal information is posted on social media and company websites. For example, if a company provides your bio on their website, ensure it does not include personal information that can be used by fraudsters.
  • Be suspicious of requests for secrecy or pressure to take quick action. If an email or request seems out of the norm, be aware and look into it.
  • Consider additional IT and Financial security procedures. This can include a two-step verification process:
      • Digital signatures: both entities on either side of a transaction should use digital signatures.
      • Delete spam: immediately delete unsolicited email and do not open it or click links. Report any suspicious emails to the appropriate channels at your company.
      • Forward vs Reply: do not use the reply option to respond to business emails. Use the forward option or type the correct email address into a new email.
  • Be aware of sudden requests for changes in business practices, such as change of financial information or bank information. Always verify the source.
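
The warning signs in the list above can also be checked automatically at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: the function names, the webmail list, the keyword patterns and the `example-corp.test` domain are all assumptions to adapt to your own organization.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: tune the lists to your own organization.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
PRESSURE = re.compile(r"\b(urgent|immediately|confidential|secret|today)\b", re.I)
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated?|changed?)\b.{0,40}\b(bank|account|wire|routing)\b", re.I | re.S)

def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def bec_flags(raw_message, known_domains):
    """Return the list of BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg["Subject"] or "") + "\n" + body
    flags = []
    if from_dom in FREE_WEBMAIL:
        flags.append("free-webmail-sender")
    if from_dom not in known_domains:
        flags.append("unknown-sender-domain")
    if reply_dom and reply_dom != from_dom:
        # Hitting "reply" would send the answer somewhere other than the sender.
        flags.append("reply-to-mismatch")
    if PRESSURE.search(text):
        flags.append("secrecy-or-urgency")
    if PAYMENT_CHANGE.search(text):
        flags.append("payment-detail-change")
    return flags

# Constructed sample message (not real mail); all addresses are placeholders.
SAMPLE = """\
From: "Pat Lee, CEO" <pat.lee@example-corp.test>
Reply-To: pat.lee.office@gmail.com
Subject: Urgent wire today

Please keep this confidential. Our supplier has a new bank account;
send the payment immediately and confirm by reply.
"""

if __name__ == "__main__":
    for flag in bec_flags(SAMPLE, {"example-corp.test"}):
        print(flag)
```

A flagged message is a prompt to verify the request through a separate, known channel, not proof of fraud; the display name and `From` address in the sample look legitimate, and only the `Reply-To` header reveals where a reply would go.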

Implementing a few changes, and running surprise tests on employees, can go a long way in avoiding or mitigating BEC scams. Scammers are constantly finding new ways to catch companies and individuals off guard. Awareness and information serve as powerful preventatives.

About the Author

DM Studler

DM Studler, M.Acc., CPA, CFF is the founder of SDC CPAs, LLC. and has worked employee dishonesty claims in excess of $82,000,000, both domestically and internationally. She speaks across the country on a regular basis and is highly esteemed among her colleagues.