Business Email Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim's normal business practices.
How to avoid becoming a victim of a BEC scam
First and foremost – be alert! If something feels "off" about an email asking to wire money, listen to your gut and follow up with the person who's (supposedly) asking for the wire transfer in person or via phone to confirm the request.
It's best to establish a specific process for wire transfers within your company – especially if it's a large amount. The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, or to establish other communication channels — such as telephone calls — to verify significant transactions. In other words, a wire transfer could not occur until it has been confirmed using a second method of communication.
It's also important to be aware of information you are posting about your business online. Attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office through social media platforms.
What to do if you are a victim
If funds are transferred to a fraudulent account, it is important to act quickly:
- Contact Colonial Savings immediately upon discovering the fraudulent transfer.
- Request that Colonial Savings contact the corresponding financial institution where the fraudulent transfer was sent.
- Contact your local Federal Bureau of Investigation (FBI) office if the wire is recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds.
- File a complaint, regardless of dollar loss, with www.IC3.gov.