We have seen an uptick in email fraud reports, with specific regard to business email compromise (BEC) campaigns.
In this type of fraud, scammers send an email message that appears to be a legitimate message coming from a known source. These emails often seem to be from a colleague, boss or company executive, trying to trick recipients into sending money or identity information, or even changing direct deposit information so that an employee’s paycheck will be redirected to an account controlled by the scammer.
The FBI offers these real examples of BEC emails that cost the victims thousands and thousands of dollars:
- A vendor your company regularly deals with sends an invoice with an updated mailing address.
- A company CEO asks their assistant to purchase dozens of gift cards to send out as employee rewards. They asked for the serial numbers so they could email them out right away.
- A homebuyer received a message from their title company with instructions on how to wire their down payment.
The emails also often convey a sense of urgency or secrecy to try and get the victim to reply more quickly.
How to Spot a Business Email Compromise Scam
At first glance, it can be difficult to identify a BEC attempt, as the sender and the information in the email may appear to be genuine. But knowing when to be suspicious will help you recognize a scam attempt.
While the spam emails can seem legitimate, the Center for Internet Security provides some things to watch out for that should make you question their authenticity:
Indicators of BEC spam emails can include:
- Poorly crafted emails with spelling and grammar mistakes.
- The wrong or an abbreviated signature line for the supposed sender.
- An indication that the email was sent from a mobile device.
- The use of full names instead of nicknames and a language structure may not match how the supposed sender normally communicates.
- That the only way to contact the sender is through email.
- The transactions are for a new vendor or new contact at a known vendor.
Preventing Email Fraud
There are steps you and your employees can take to ensure none of your staff falls victim to a BEC scam.
Interpol recommends taking the following actions to protect your company from BEC campaigns:
- Make sure that your email accounts are well protected, and your employees don’t share their passwords.
- Change passwords regularly and enable two-factor authentication on all your accounts whenever possible.
- Look carefully at the sender’s email address. Criminals often create an account with a very similar email address to your business partners so keep your eyes peeled.
- Spread the word so any colleagues dealing with bank accounts are aware of the scam.
- Enable spam filters and block all access to suspicious or blacklisted websites
- If you receive an email concerning a change of payment method or bank account, contact the payment recipient through another channel (phone) to verify this claim. Do not reply directly to the email.
- Verify the authenticity of websites before providing any personal or sensitive information.
- Do not click on attachments or links you aren’t expecting, even if they have innocuous sounding names (“invoice,” for example). They often contain malware giving access to monitor your email/computer activities.
How GTM Protects Your Data
Cybersecurity is a top priority at GTM, as it should be for any business. Protecting your company and employee data is paramount to allowing your company to grow and be successful.
GTM invests in ongoing security enhancements to protect your data. All staff undergo regular security training to prevent unauthorized data access and maintain internal protections.
We are compliant with the NY Department of Financial Services cyber security regulation (23 NYCRR 500).
When a client wants to change their banking information, we require them to fill out an authorization form that includes their current bank account info. This helps protect us from scammers, as the criminals usually do not have those details.
And GTM is a certified network partner of isolved, which maintains strong controls, state-of-the-art monitoring mechanisms, and financial processing expertise to detect threats and contain fraud risk.
Protecting your business starts with you, but you don’t have to do it alone. Our partner – OrbitalFire Cybersecurity – provides small businesses with everything they need to meet compliance requirements and secure their business. OrbitalFire is an award-winning cybersecurity firm trusted by thousands of small business customers.