Business email fraud is something that every business should be vigilant of. Business email compromise is a sophisticated effort that targets businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. These schemes have resulted in nearly $200 million in losses in the United States. Businesses that perform any type of electronic payments or check payments are also at risk.
Here are several sample scenarios that your company should watch out for:
- The Bogus Invoice Ruse: A business with which the target company has a long-standing relationship receives a false invoice and is asked to transfer funds via wire to an alternative fraudulent account.
- The CEO Fraud Ruse: The email of a high-level executive in a company has been hacked. The fraudster posing as the executive then emails the individual in the company normally responsible for sending payments to send funds to an alternative, fraudulent account.
- The Personal Email Ruse: The fraudster takes over the personal email of an employee within the business responsible for requesting payments from vendors. The vendors then make the payments to a fraudulent address or account.
What to look out for
Here are some common features to all these ruses. By being aware of them you can help protect your company against fraud.
- The target companies have used free web-based email for business purposes.
- The fraud artists have identified persons in the target company responsible for making payments.
- The spoofed emails very closely copy legitimate historical requests and use amounts similar to historical levels in order to avoid suspicion.