Business Email Compromise Fraud Continues
Business Email Compromise (BEC) Fraud continues to be popular
NBT Bank has recently noticed an increase in a type of fraud referred to as “Business Email Compromise or BEC”, and the way in which fraudsters are targeting businesses continues to change. Most often there is an attempt to get funds out the door via wire or ACH although other channels such as check could also be attempted.
Business Email Compromise (BEC) scams happen when an email account is compromised or spoofed, and an employee is convinced to wire money to a fraudster. The fraudster is able to fool an employee into submitting a wire transfer by posing as a supplier, vendor, co-worker, or business partner, and the email request may look like it is coming directly from your supplier, or may be part of an email chain you have had with your legitimate supplier in the past. When submitted, the transaction appears to be completely legitimate to the company's financial institution, and confirmation calls or other methods of verification may not be effective if verification is being made to the employee who submitted the request, as this employee believes they have been communicating with an established supplier or sales representative.
Always verify a request with a phone call to the individual who is sending it to you at a known number. Trust your gut! If something feels off about the communication; email signatures, grammar, spelling errors, request coming from someone who normally wouldn’t request this, etc. Don’t send any money without verifying.
How to protect yourself:
- Check to see if the request is consistent with how earlier wire payments have been made. Is your supplier asking you to wire funds to a new bank account or different location?
- Look carefully for small changes in email addresses that mimic legitimate email addresses. Do not rely on the display name shown, and always look for differences between the domain (@yahoo vs. @gmail) or sender name (ABCSupplies@ vs. ABCSupply@).
- Use an alternate method of communication to verify the identity of the person requesting the funds transfer. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation for the request.
- Implement dual control approvals with your bank for wire transfer requests. If an employee submits a request for a wire transfer, have a different employee who is aware of Business Email Compromise and is willing to ask the right questions provide approval to your financial institution.
- Spread the word. Coach your employees about this type of fraud and the warning signs.
If you have any questions, please contact NBT Bank Treasury Management Support at 1.833.NBT.4BIZ (628-4249), option 5.