Have you heard of Business Email Compromise? Also known as CEO impersonation or cyber-enabled financial fraud, it’s a growing crime affecting companies of all sizes, according to the FBI’s Internet Crime Complaint Center. The center estimates that from October 2013 to May 2018, total known worldwide losses to BEC scams reached $12.5 billion.
Business Email Compromise is a sophisticated type of cyber crime that targets employees who have the task of initiating wire transfers or who may work with outside suppliers and vendors. Attackers may hack into the email account of your institution’s executives or high-ranking employees or send a ‘spoof’ e-mail that looks like it is from an authorized individual. In the most sophisticated forms of this scam, the e-mail is sent when the authorizing employee is on vacation or difficult to reach. These types of scams are getting more difficult to spot, with the wire transfer request designed to appear genuine to the targeted employee.
That’s why when initiating wire transfers, employees should examine the email address closely, to make sure the email address has not been altered in a subtle way. Oftentimes a fake e-mail address will be identical to the real thing with the exception of a small change, such as a capital letter changed into a lowercase one.
Employees also should always follow up on the wire transfer request with a phone call or in-person visit to the authorizing employee’s office, if possible, to verify that the request is valid. Do not simply rely on an email reply to verify a wire transfer request.
If your institution does not currently have a process in place to handle suspicious requests when it comes to the handling of funds, recommend one be put in place by your management team. Make sure any requests to move funds or process wire transfers include multiple forms of verification, including phone calls, face-to-face conversations or multi-step procedures.