CALL NOW:

(844) 845-4219

ES

Debt.com
Debt.com » How to Protect Yourself and Your Company from BEC Scams
Advertiser Disclosure

How to Protect Yourself and Your Company from BEC Scams

dhipp

Written by

Deb Hipp

Updated

Published

Business email compromise (BEC) is one of the most “financially damaging” online crimes, according to the FBI. With a BEC scam, the criminal sends what looks like a legitimate email asking you to provide sensitive personal information, wire money or buy gift cards.

“The scams are initiated through specifically developed ‘phish kits’ designed to mimic cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds,” according to the FBI.

Cloud-based email services are hosted subscription services that allow users to conduct business with online file storage, email, shared calendars and instant messaging. BEC scams have been reported in every U.S. state and 177 countries, according to the FBI.

BEC is a sophisticated scam that targets businesses that perform electronic payments, including wire or automated clearing house transfers. “The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques resulting in an unauthorized transfer of funds,” says the FBI.

You might think you’re too savvy to be tricked by a BEC scammer, but you could still end up an unwitting victim if you don’t know the red flags of this common scam.

Want to keep up with more financial news? Click here to sign up for our free newsletter.

Types of BEC scams

Criminals target BEC victims in a variety of ways, including via virtual meeting platforms where audio and video conferences, screen sharing and webinars are used to communicate with management and among employees.

Examples of ways criminals use virtual meeting platforms to conduct a BEC scam include:

  • Compromising a CEO’s, CFO’s or financial director’s email, asking employees to attend a virtual meeting. When you sign on, you see only a still photo of the purported initiator of the meeting. Scammers might even use “deep fake” audio manipulated with artificial intelligence (AI) techniques to impersonate the manager’s voice.
  • The imposter convener then instructs attending employees to transfer funds via the virtual meeting platform or chat further in a follow-up email.
  • Compromising a company’s email by posing as the CEO (or another management figure) and asking employees to transfer money because the CEO is tied up in a meeting and unable to personally transfer funds.
  • Compromising employee emails to invade workplace virtual meeting platforms to gain confidential information about the company.

Another common BEC tactic is “phishing” emails designed to steal email passwords and other account credentials. Once criminals compromise the email account, they look for financial transactions and then impersonate vendors or customers and instruct you to redirect future payments to fraudulent bank accounts.

Find out: How to Identify a Tax Debt Relief Scam

How to protect yourself from BEC scams

To avoid becoming a BEC scammer’s next victim, the FBI recommends businesses and employees take proactive steps, including:

  • Enable multi-factor authentication where the user must provide two or more pieces of evidence — PIN or password, company badge, fingerprints or voice recognition, for example — to verify their identity in order to gain access.
  • Verify all payments and transactions in person or through a known telephone number.
  • Make sure employees know about BEC scams, how to identify phishing emails and what to do if they suspect an email compromise.
  • Prohibit automatic email forwarding to external addresses.
  • Log and retain changes to mailbox logins and settings for at least 90 days.
  • Prohibit “legacy” email protocols such as IMAP, SMTP or POP3, which are easier targets for compromising sign-in attempts, according to Microsoft.
  • Prevent spoofing and validate email with Sender Policy Framework, DomainKeys Identified Mail, and Domain-based Message Authentication Reporting.
  • Keep an eye out for hyperlinks with the actual domain name misspelled.

Find out: Know These 5 Red Flags of a Fake Website

What to do if you’re a BEC victim

If you’re a victim of BEC fraud, contact the bank involved right away and ask it to recall transferred funds. Then file a complaint with the FBI Internet Crime Complaint Center (IC3) or report the BEC fraud to your local FBI field office.

Find out: 7 Signs of a Debt Settlement Scam

TrustScore 4.6

FREE DEBT ANALYSIS

Contact us at (844) 845-4219

What can we help you with?

Credit Card Debt
Student Loan Debt
Back Taxes
Fix My Credit
BBB Rating A+
United Way of Broward County in Florida

Related Articles

Cybersecurity cybercrime internet scam, business finance crypto currency investment

7 Tips to Avoid Cryptocurrency and NFT Scams

Published

Ready to invest in crypto and NFTs but don’t want to get scammed? Laura answers listener questions about who should…

Continue Reading
Hand waving a red flag

Know These 5 Red Flags of a Fake Website

Published

Don’t be fooled by scamsters out to steal your personal information with imposter sites.

Continue Reading
Take These 5 Steps if Your Email is Hacked

4 Ways Thieves Can Target You for Credit Card Theft

Published

Don’t put yourself at risk for credit card theft with these common mistakes.

Continue Reading
Explore More Articles

How Much Could You Save?

Just tell us how much you owe, in total, and we’ll estimate your new consolidated monthly payment.