Business Email Compromise Fraud

Business Email Compromise (BEC) scams are a specific type of crime that rely on social engineering tools (like phishing) for tricking targeted employees / staff into believing and acting in a certain way.

False Invoice Scam: The phisher pretends to be a legitimate vendor requesting payment for services performed for the company but changes the bank account information to an account controlled by them.

CEO Fraud: The attacker sends an email, supposedly from the CEO / Senior Management instructing the recipient to take some business action.

Account Compromise: This attack takes advantage of a compromised email account within an organization. With this access, the attacker requests invoice payments from customers while changing the payment details to those of the attacker.

Employee Data Theft: This type of attack targets HR and Finance personnel and attempts to steal sensitive information about an organization’s employees.

Here are a few suggested fraud prevention tips and best practices:

• Educate yourself and your employees on BEC scams
• Do take a minute to go through security advisories issued by your company from time to time
• Create intrusion detection system rules that can flag e-mails with extensions that are similar to legitimate company e-mail IDs
• Don’t switch payment methods, without multiple sources of confirmation. Confirm requests for change in banking details or transfers of funds by adding an additional two-factor authentication (2FA).
• When using phone verification as part of 2FA, use previously registered and known numbers, not numbers provided in the e-mail requesting the change.