{"id":13069,"date":"2022-11-09T09:15:19","date_gmt":"2022-11-09T14:15:19","guid":{"rendered":"https:\/\/gtm.com\/business\/?p=13069"},"modified":"2022-11-09T09:15:19","modified_gmt":"2022-11-09T14:15:19","slug":"business-email-compromise-scams","status":"publish","type":"post","link":"https:\/\/gtm.com\/business\/business-email-compromise-scams\/","title":{"rendered":"How to Avoid Business Email Compromise (BEC) Scams"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13070\" src=\"https:\/\/gtm.com\/business\/wp-content\/uploads\/2022\/11\/pexels-solen-feyissa-5744250.jpg\" alt=\"Business email compromise scams\" width=\"1024\" height=\"683\" srcset=\"https:\/\/gtm.com\/business\/wp-content\/uploads\/2022\/11\/pexels-solen-feyissa-5744250.jpg 1024w, https:\/\/gtm.com\/business\/wp-content\/uploads\/2022\/11\/pexels-solen-feyissa-5744250-980x654.jpg 980w, https:\/\/gtm.com\/business\/wp-content\/uploads\/2022\/11\/pexels-solen-feyissa-5744250-480x320.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/>We have seen an uptick in email fraud reports, with specific regard to <a href=\"https:\/\/www.zdnet.com\/article\/this-sneaky-fraud-attack-looks-like-an-email-forwarded-by-your-boss\/\" target=\"_blank\" rel=\"noopener noreferrer\">business email compromise (BEC)<\/a> campaigns.<\/p>\n<p>In this type of fraud, scammers send an email message that appears to be a legitimate message coming from a known source. 
These emails often seem to be from a colleague, boss or company executive, trying to trick recipients into sending money or identity information, or even changing direct deposit information so that an employee\u2019s paycheck will be redirected to an account controlled by the scammer.<\/p>\n<p>The <a href=\"https:\/\/www.fbi.gov\/how-we-can-help-you\/safety-resources\/scams-and-safety\/common-scams-and-crimes\/business-email-compromise\" target=\"_blank\" rel=\"noopener noreferrer\">FBI<\/a> offers these real examples of BEC emails that cost the victims thousands and thousands of dollars:<\/p>\n<ul>\n<li>A vendor your company regularly deals with sends an invoice with an updated mailing address.<\/li>\n<li>A company CEO asks their assistant to purchase dozens of gift cards to send out as employee rewards. They asked for the serial numbers so they could email them out right away.<\/li>\n<li>A homebuyer received a message from their title company with instructions on how to wire their down payment.<\/li>\n<\/ul>\n<p>The emails also often convey a sense of urgency or secrecy to try and get the victim to reply more quickly.<\/p>\n<h2>How to Spot a Business Email Compromise Scam<\/h2>\n<p>At first glance, it can be difficult to identify a BEC attempt, as the sender and the information in the email may appear to be genuine. 
But knowing when to be suspicious will help you recognize a scam attempt.<\/p>\n<p>While the spam emails can seem legitimate, the <a href=\"https:\/\/www.cisecurity.org\/insights\/white-papers\/security-primer-business-email-compromise\" target=\"_blank\" rel=\"noopener noreferrer\">Center for Internet Security<\/a> provides some things to watch out for that should make you question their authenticity:<\/p>\n<p>Indicators of BEC spam emails can include:<\/p>\n<ul>\n<li>Poorly crafted emails with spelling and grammar mistakes.<\/li>\n<li>The wrong or an abbreviated signature line for the supposed sender.<\/li>\n<li>An indication that the email was sent from a mobile device.<\/li>\n<li>The use of full names instead of nicknames and a language structure that may not match how the supposed sender normally communicates.<\/li>\n<li>The only way to contact the sender is through email.<\/li>\n<li>The transactions are for a new vendor or new contact at a known vendor.<\/li>\n<\/ul>\n<h2>Preventing Email Fraud<\/h2>\n<p>There are steps you and your employees can take to ensure none of your staff falls victim to a BEC scam.<\/p>\n<p><a href=\"https:\/\/www.interpol.int\/en\/Crimes\/Financial-crime\/Business-Email-Compromise-Fraud\" target=\"_blank\" rel=\"noopener noreferrer\">Interpol<\/a> recommends taking the following actions to protect your company from BEC campaigns:<\/p>\n<ul>\n<li>Make sure that your email accounts are well protected, and your employees don\u2019t share their passwords.<\/li>\n<li>Change passwords regularly and enable two-factor authentication on all your accounts whenever possible.<\/li>\n<li>Look carefully at the sender\u2019s email address. 
Criminals often create an account with a very similar email address to your business partners, so keep your eyes peeled.<\/li>\n<li>Spread the word so any colleagues dealing with bank accounts are aware of the scam.<\/li>\n<li>Enable spam filters and block all access to suspicious or blacklisted websites.<\/li>\n<li>If you receive an email concerning a change of payment method or bank account, contact the payment recipient through another channel (phone) to verify this claim. <strong>Do not reply directly to the email.<\/strong><\/li>\n<li>Verify the authenticity of websites before providing any personal or sensitive information.<\/li>\n<li>Do not click on attachments or links you aren\u2019t expecting, even if they have innocuous-sounding names (\u201cinvoice,\u201d for example). They often contain malware giving access to monitor your email\/computer activities.<\/li>\n<\/ul>\n<h2>How GTM Protects Your Data<\/h2>\n<p>Cybersecurity is a top priority at GTM, as it should be for any business. Protecting your company and employee data is paramount to allowing your company to grow and be successful.<\/p>\n<p>GTM invests in ongoing security enhancements to protect your data. All staff undergo regular security training to prevent unauthorized data access and maintain internal protections.<\/p>\n<p>We are compliant with the NY Department of Financial Services cyber security regulation (23 NYCRR 500).<\/p>\n<p>When a client wants to change their banking information, we require them to fill out an authorization form that includes their current bank account info. 
This helps protect us from scammers, as the criminals usually do not have those details.<\/p>\n<p>And GTM is a certified network partner of <a href=\"https:\/\/www.isolvedhcm.com\/trust-center\/security\" target=\"_blank\" rel=\"noopener noreferrer\">isolved<\/a>, which maintains strong controls, state-of-the-art monitoring mechanisms, and financial processing expertise to detect threats and contain fraud risk.<\/p>\n<p>Protecting your business starts with you, but you don\u2019t have to do it alone. Our partner \u2013 <a href=\"https:\/\/orbitalfire.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">OrbitalFire Cybersecurity<\/a> \u2013 provides small businesses with everything they need to meet compliance requirements and secure their business. OrbitalFire is an award-winning cybersecurity firm trusted by thousands of small business customers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn what business email compromise (BEC) scams are and what you can do to avoid them at your 
business.<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[232],"tags":[287,104,119,18],"post_folder":[],"class_list":["post-13069","post","type-post","status-publish","format-standard","hentry","category-gtm-biz-blog-isolved","tag-cybersecurity","tag-data-security","tag-email","tag-employer-policies"],"_links":{"self":[{"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/posts\/13069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/comments?post=13069"}],"version-history":[{"count":1,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/posts\/13069\/revisions"}],"predecessor-version":[{"id":13071,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/posts\/13069\/revisions\/13071"}],"wp:attachment":[{"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/media?parent=13069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/categories?post=13069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/tags?post=13069"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/gtm.com\/business\/wp-json\/wp\/v2\/post_folder?post=13069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}