With Business Email Compromise, legitimate business email accounts are either compromised or impersonated, and then used to order or request the transfer of funds. The fraudster will often compromise one of the business’ officers and monitor his or her account for patterns, contacts and information. Using information gained from social media or “out of office” messages, the fraudster will often wait until the officer is away on business to use the compromised email account to send payment instructions.
Avoid Being a Victim
Solid internal controls are key to guarding against these scams.
- Understand that these attacks can come via email, phone calls, faxes or letters in the mail. Don’t assume it’s only a cybersecurity problem.
- Educate and train employees to recognize, question, and independently authenticate changes in payment instructions, requests for secrecy, or pressure to take action quickly.
- Authenticate requests to make payment or change payment information.
- Review accounts frequently.
- Initiate payments using dual controls.
- Never provide passwords, usernames, authentication credentials, or account information when contacted.
- Don’t provide nonpublic business information on social media.
- Avoid free web-based email accounts for business purposes. A company domain should always be used to establish company personnel emails.
- To make impersonation harder, consider registering domains that closely resemble the company’s actual domain.
- Do not use the “reply” option when authenticating emails for payment requests. Instead, use the “forward” option and type in the correct email address or select from a known address book.
- Don’t share your credentials with coworkers.
- Ensure your computer has current antivirus/anti-malware software.
- As a best practice, use a dedicated computer for performing business banking and financial transactions.
Source: NACHA, Protecting against Fraud: How to spot and prevent fraud schemes.
If you have any questions, please contact Treasury Management Officer Scott Walters at 402-323-8274 or via email: scott.walters@CornhuskerBank.com