Be Alert - Spot The Signs of a Business Email Compromise Scam
Defending against scams starts with awareness. As fraudsters become increasingly sophisticated and brazen with their schemes, Country Club Bank is working to educate clients about some of the most common scams—and how to spot them. One scam that’s becoming increasingly prevalent is Business Email Compromise (BEC). Here’s some information you can provide to your clients so they can safeguard themselves and their businesses.
In a BEC scheme, scammers manipulate employees into providing sensitive information (usernames, passwords, credit card numbers, PIN numbers, etc.) by pretending to be a vendor, bank or other source they know and trust.
The scammer slightly manipulates an email address, sender’s name, phone number or website. The change is intentionally subtle, often involving just one letter, number or symbol so you think it’s legitimate at first glance.
Scammers then either sell that information or use it themselves to access systems and networks, including your business’s accounts—potentially even your customers’ accounts.
Don’t Fall for These Common Examples of BEC
A scammer pretending to be your vendor sends an email saying there’s been a problem with a recent purchase you’ve made—and asks you to click on a link for details. Unfortunately, if you click it, you may download malware. Malware can interfere with the security of your device and provide unauthorized access to information stored on it. Or, the link may lead to a login page that requests the username and password to your account. If you engage, you will hand the scammer the key to your financial accounts—and possibly to those of your customers too.
OR
An employee receives an email from a "manager” with instructions to purchase multiple gift cards for employee gifts—and asks you to email the serial numbers so the “gifts” can be sent right away. Of course, the “manager” is a scammer, and once you’ve provided the serial numbers, your company is out the money spent on the gift cards.
Recognizing BEC Scammers
Scammers continue to become more sophisticated, but these telltale signs in emails should put your team on alert:
- Misspelled words and incorrect grammar; typos; unprofessional language; URLs/email addresses with one character changed
- A “problem” with an account or payment information, requiring you to click a link to provide sensitive account information, your business’s federal tax ID, etc.
- Requests to verify a password
- Messages about suspicious activity or login attempts on an account
- Scare tactics and high-pressure language requesting that you act urgently
- Pop-up windows requesting your username and password
- Instructions for a specific payment method (wire transfer, gift card, payment app)
How to Protect Yourself
Treat any request for your financial or other sensitive information with caution.
- Use a known phone number to call vendors to validate “changes” made to your account information. Don’t call the phone number on the “invoice” or email.
- If you receive a suspicious message that appears to be from your bank, call the bank directly to verify its authenticity.
- Ensure the spam filter is activated on your company email system and use email authentication so spoofed email messages aren’t as likely to land in employee inboxes.
- Create a password policy. Use random and strong passwords consisting of uppercase and lowercase letters, numbers and symbols. Train employees not to use passwords related to work or personal information or any other identifying information.
- Keep operating systems, browsers and antivirus software updated.
- Create a process for verifying invoices and payments and train staff on it to ensure major expenditures can’t be triggered by an unexpected email.
- Do not open attachments or click on links from an unfamiliar source.
- Because scammers often target multiple employees, train employees to alert managers and co-workers about the situation.
If You Are Scammed …
If a scammer is successful in obtaining information from you or your employees, the sooner you take the following actions, the better:
- Let your bank know your company may have been the victim of a scam.
- Contact other financial institutions you do business with and your creditors in case the scammer tries to contact them using the information they obtained from you.
- Change your logins, passwords and PINs. If you use the same passwords and logins across multiple accounts, change them all.
- Place a fraud alert on your credit reports and review them for suspicious activity.
- File a report with the police.
- Have an IT professional scan for malware/viruses and clean your computer.
Country Club Bank Fraud Protection Products and Services
Country Club Bank is committed to your financial security and takes all necessary precautions to protect your financial information, including these products and services you may need to efficiently run and protect your organization:
Interested in any of the products mentioned above? Contact your banker today to learn more.
Country Club Bank - Member FDIC