Business Email Compromise
Posted on Wednesday, August 09, 2017
Business email compromise (BEC) scams are unfortunately becoming more common. According to the FBI Internet Crime Complaint Center (IC3), there was a 2,370% increase in identified exposure losses between January 2015 and December 2016. The scam has been reported in all 50 states and 131 countries.
In a BEC scam, attackers target email accounts to trick employees into making payments to fraudulent accounts or handing over sensitive information. The attacker normally sends a fake email that appears to come from someone in management (CEO, Executive Director, CFO, etc.) with instructions to wire cash or make a payment, or with a request for sensitive information. Wire transfers are typical requests because as soon as the transfer is made the attacker has the organization’s money. Often the email is sent when the Executive Director or CFO is out of the office, making it more difficult for the employee to confirm the request.
Here are a few recommendations that you can implement to help protect your organization.
- Make sure you have firewalls installed and that they are kept up to date.
- Back up all of your data daily and store the backups offsite, either in the Cloud or in a separate physical location.
- Implement an IT policy that includes information on internet usage by employees.
- Avoid web-based free email accounts.
- Hover your cursor over email addresses and links to see the full address. Be aware of lookalike addresses that are phony.
- Verify emails by calling the sender to confirm the legitimacy of the email.
- Do not respond to requests made via text messages.
- Do not click on attachments from unfamiliar email addresses.
- Educate your employees.
- Be careful about what is posted to social media sites, since posts can give away organizational information or individuals' out-of-office details.
- Confirm requests for fund transfers.
- Contact your financial institution to find out about the fraud prevention services that they offer, for example, positive pay to protect against check fraud.
- Many insurance companies also offer cyber crime coverage to help protect against data breaches and cyber attacks. Make sure you read your policy as some insurance companies require organizations to utilize their financial institution fraud protection for the insurance policy to apply.
Posted by: Carrie Minnich, CPA
Posted in Mission Minded Nonprofits
Disclaimer: The information contained in Dulin, Ward & DeWald’s blog is provided for general educational purposes only and should not be construed as financial or legal advice on any subject matter. Before taking any action based on this information, we strongly encourage you to consult competent legal, accounting or other professional advice about your specific situation. Questions on blog posts may be submitted to your DWD representative.