Avoid Falling Victim To BEC Scams
Among the most common types of payment and business fraud is Business Email Compromise (BEC), and understanding BEC will help protect you from falling victim to these schemes. BECs are sophisticated schemes where cybercriminals disguise themselves as trusted entities to trick you or your business into redirecting funds. Cybercriminals leverage information about you and your business using social networking, data breaches, and public information and use you or your employees to commit fraud for them. Cybercriminals are masters at looking for opportunities to deceive you and learning to spot a potential BEC is crucial in helping maintain your company and assets safe. A Sense Of Urgency
BECs will usually mimic or follow normal business interactions and transactions, however, they will include a change of some sort and/or a sense of urgency.
The criminals first gain access to an email account through a phishing link or attachment.
Once a criminal has access, they observe normal email patterns and wait for the opportunity to intercept or modify a monetary transaction such as a wire transfer or ACH.
The most common way criminals intercept transactions is by requesting a change in payment method or recipient bank account.
This may come in the way of a fake invoice or wire transfer or ACH request.
Real Estate Transactions Under Target Real Estate transactions are increasingly compromised since most involve a large financial transaction and the routine use of unsecured email communications among parties. The most common targets of this scheme are Title Companies and Law firms involved in Real Estate Transactions. Through email hacks, these communications which obtain sensitive information and documents are leveraged to commit fraud.
The scheme always includes the compromise of an email account and manipulating the communications between parties. Once the parties and identities involved in a real estate closing transaction are known to the criminal, they monitor email activity and intercept document
The final step is to take on the identity of one of the parties, such as the Real Estate agent, attorney, or and divert funds to a different bank account.
What Can You Do? There are several steps you can take to protect yourself against these types of attacks.
Always keep a close eye on email addresses and wire instructions.
Use secure email methods to communicate between parties.
Confirm any change to a wire transfer or bank account by speaking to the person, via phone, or in person.
Refer to industry resources like the National Association of Realtors that offer tips on recognizing spoofed emails and offer fraud information.
Training your team on fraud awareness is key, as well as implementing controls to transactions. Such as:
Establishing financial limits on the transactions that occur in your business.
Establishing dual control reviews and/or approvals for payments to third parties.