Business email compromise (BEC) scams target domestic and foreign businesses that regularly perform payment transfers, and they continue to be a number one fraud threat for organizations.
FBI data estimates the total loss from this global threat to be in excess of $5 billion (Source: FBI data). This figure helps illustrate the need for heightened awareness and vigilance.
To shield your organization from fraud, there are several internal control enhancements and security practices to consider.
While no single control or set of controls will prevent your organization from being a target, we suggest these five tips to prevent your organization from falling victim to BEC:
Contact the requestor by phone using an independently obtained phone number or one that you already have on file. Pay special attention to transfers requested to new or recently updated accounts. Nearly all BEC scams can be stopped in their tracks if organizations adopt this basic control.
Dual control allows for two levels of scrutiny and authorization to help stem the risk of illegitimate funds transfers.
Fraudsters may leverage actual accounts of executives with email credentials pilfered from spear phishing campaigns. Multi-factor authentication adds another layer of control to deter cyber crooks from accessing employee accounts.
Notify your key banking partners and information security staff immediately if you suspect BEC. If appropriate, contact law enforcement and file a complaint with the FBI Internet Crime Complaint Center.
Evaluate staff compliance with internal controls by using real-world security awareness testing.
Finally, review your current payment controls to keep your organization safe from BEC.
Contact U.S. Bank for help with your fraud prevention plan.