Business Email Compromise (BEC) Scams

by Amanda Bernard, CPA, CFE, CMA

​abernard@maillie.com

Business Email Compromise (BEC) occurs when an attacker gains access to a corporate email account or creates a similar one and spoofs the owner’s identity in order to defraud the company or its employees, customers or other business partners.  In a BEC scam, the attacker will typically use the identity of someone on a business network to trick the target into sending money or data to the attacker’s account.  The most common victims of BEC are companies that use wire transfers to send money to international clients. 

Examples of such scams include:

• Attackers gain access to an employee account and send an illegitimate invoice to the organization’s vendors.
• A compromised employee email account is used to request a change in payee information in order to divert funds from a legitimate invoice payment to the attacker’s accounts.
• In CEO fraud scams, the attacker pretends to be an executive of the company and requests an employee or other business partner make an emergency payment.
• A contractor or service provider’s email identity is compromised, and emails are used to pressure the organization for immediate payment or to request confidential information.
• A human resources or information technology employee’s email account is compromised and used to solicit sensitive information from employees, such as passwords.

 

The best method to prevent business email compromise is employee education.  Employees need to be aware of the risks of email scams and understand the red flags that can be used to identify fraudulent emails.  Employees should be instructed to verify any request for payment received via email by communicating with the individual making the request using another method, such as a phone call.  In addition, the organization should properly secure its vendor payment account information.  Restrictions should be in place to prevent payments from going to a bank account that is different from the bank account listed in the vendor master file.  Also consider implementing secondary signoff processes requiring all changes to vendor payment accounts be authorized by two individuals.