BEC: 5 tips to keep your organization safe

To help shield your organization from fraud, we recommend you implement internal controls and security best practices.

Tags: Fraud protection, Risk mitigation, BEC
Published: August 12, 2019

Business email compromise (BEC) scams target domestic and foreign businesses that regularly perform payment transfers. And this continues to be a number one fraud threat for organizations.

Data from the FBI estimates that the total loss of this global threat to be in excess of $5 billion (Source: FBI data). This data helps illustrate the need for heightened awareness and vigilance.

To shield your organization from fraud, there are several internal control enhancements and security practices to consider.

While no single control or set of controls will prevent your organization from being a target, we suggest these five tips to prevent your organization from falling victim to BEC:

1. Confirm and verify email requests for fund transfers

Contact the requestor by phone using an independently obtained phone number or one that you already have on file. Pay special attention to transfers requested to new or recently updated accounts. Nearly all BEC scams can be stopped in their tracks if organizations adopt this basic control.

2. Use dual control for money movement activities

Dual control allows for two levels of scrutiny and authorization to help stem the risk of illegitimate funds transfers.

3. Use multi-factor authentication for web-based email accounts

Fraudsters may leverage actual accounts of executives with email credentials pilfered from spear phishing campaigns. Multi-factor authentication adds another layer of control to deter cyber crooks from accessing employee accounts.

4. Communicate quickly when fraud or security events occur

Notify your key banking partners and information security staff immediately if you suspect BEC. If appropriate, contact law enforcement and file a complaint with the FBI Internet Crime Complaint Center.

5. Create awareness within your organization

Evaluate staff compliance with internal controls by using real-world security awareness testing.

Finally, review your current payment controls to keep your organization safe from BEC.


For more on how to protect your organization from BEC, check out these articles:

Contact U.S. Bank for help with your fraud prevention plan.


©2020 U.S. Bank.