The FBI has sent out a warning via its website about the dramatic increase in business email compromise (BEC) scams.
BEC scams target businesses by spoofing company emails or social platforms and pretending to be someone higher up in the business – usually the CEO, company attorney, or someone else in a trusted position.
After analyzing their target, usually an employee that handles financials for the business, the scammers request a seemingly legitimate wire transfer. The employee, thinking that the request is coming from an internal source at the company, grants the transfer and the company loses money.
These scams are proliferating at an alarming rate, according to the FBI. The agency states that there were over 17,000 reports from victims all over the world from October of 2013 to February of this year, accounting for over $2.3 billion in losses for affected companies.
Since January of 2015, the FBI estimates that there has been a 270% increase in identified victims and exposed loss, with companies in states like Arizona losing between $25,000 and $75,000 for each successful scam.
What to do
In order to curb the dangerous growth of these scams, the FBI has released tips that companies can follow in order to lower their risk of falling for a BEC scam. It says that employees should always be on the lookout for phony emails, especially those that may be trying to mimic the company’s layout.
Employees should also be skeptical about wire transfer requests that are made solely by email and that stress urgency. These kinds of transactions should always be verified either in person or with a phone call using trusted contact information.
Companies can lower their risk even more by setting up multi-level authentication as a general practice. This requires that employees and management take additional security steps in order to perform an action, such as verifying a wire transfer or other transaction.
If you fear that you’ve fallen victim to a BEC scam, the FBI encourages you to contact your financial institution right away to report it; companies should also request that the financial institution where the payment is going be contacted. Lastly, companies should report the scam to the Internet Crime Complaint Center (IC3), regardless of how much money was lost.