How to Prevent Business Email Compromise

Maintaining a secure work environment and minimizing fraud are key for business owners today.

One commonly perpetrated type of fraud can be especially costly: business email compromise, more commonly known as BEC. BEC involves a request for a transfer of funds or payment that comes from a hacked or fake account. Often, the sender’s domain and actual email will look very legitimate.

Criminals reportedly stole nearly $750 million from more than 7,000 U.S. businesses from October 2013 to August 2015, according to the FBI. The FBI also estimates that more than $1.2 billion has been lost due to BEC scams when domestic and international cases are combined. Unfortunately, BEC scams often fall outside the provisions of insurance coverage and government protections because companies intentionally send the money.

How can you prevent this type of fraud from happening to your business?

Make sure your employees are trained to recognize the signs of BEC. One very effective way to do this is to have your IT department send simulated phishing attacks.

Implement a detection system that flags emails with extensions that are similar to your company’s email domain.

Carefully evaluate all email requests for funds transfers to determine if the requests are legitimate. Be especially wary of those that are urgent, marked confidential or arrive just before the weekend or a holiday. Often, a simple confirmation phone call to a number you already have on hand (i.e., not a phone number found in the email) can prevent a fraudulent transaction from occurring.

Verify any changes in vendor payment locations or accounts via phone or by using two-factor authentication, such as having a second person at the company sign off on a transfer or payment.

If you’d like more information about what you can do to prevent BEC at your organization, please contact Ray Abbott at [email protected].