Scams Target Business E-mails

Scams Target Business E-mails and have been for quite some time, decades even. The FBI IC3 division, known as Internet Crime Complaint Center has been warning since October of 2013 and they remain active. Two years later, in August of 2015 they reported an update for one of the scams, called Business E-mail Compromise scam, also known as(BEC) and offered new information for it and how scams target business emails worldwide.


Scams Target Business E-mails and Steal Accounts

Scams target business emails by hacking business accounts that involve wire transfer payments. Scams Target Business Emails

By stealing legitimate accounts, and switching them with bogus accounts, set up by the crooks, they trick businesses into transferring funds into the fake accounts.

The fraud has been reported using checks as well. This is done by keying on whatever is used in the normal course of transactions.


 Over A Billion Dollars Lost From Scams That Target Business Emails

The scam continues to grow and is now reported in all 50 states in the US and 79 countries, with most transfers going to Asian banks in China and HongScams Target Business Emails and cost billions in losses Kong.

The BEC losses including attempted losses worldwide from October 2013 to August 2010 now total over $1.2 billion.

Internet scams and frauds are targeting banks and business e-mails all over the world.


Malware Intrusion Dangers For Scams That Target Business Emails

It starts as a phishing scam from a seeming legitimate source, but it contains malware. Whenever the email is opened it infects the computer and allows access to all the financial data and passwords.

Scams Target Business E-mails through malware
MALWARE

Once this happens, it is the same as an attack on your personal computer at home, or identity theft of the business accounts.

Initially 3 versions of the BEC were being used. Now a fourth version has appeared. People claiming to be lawyers, or financial representatives, contact the victims.

Then, they begin to pressure them into acting quickly and secretly with these so called confidential and sensitive matters.

By timing the transactions with the close of business of the institutions, they portray a sense of urgency.

By doing this they can get the victims to act quickly and likely bypassing the normal security checks.


Possible Actions For Prevention

The scam has caused institutions to delay the requests for transfers in order to verify the transactions first. By doing this it has resulted in some detection. Other recommendations for businesses are:

  • Create detection systems to flag similar email addresses that are frauds.
  • Register all company domains that are different in any way.
  • Have several security checks for vendor payments and locations.
  • Use two factor phone verification of requests of transfers of funds.
  • Know your customers habits and verify details of the transactions.
  • Screen all e-mails for anything suspicious.

Additional information is publicly available on the United States Department of Justice website.

Read www.justice.gov publication entitled “Best Practices for Victim Response and Reporting of Cyber Incidents”.


If You Suspect Fraud

  • Contact you bank immediately.
  • Request they contact any institution involved.
  • Contact the FBI. They may be able to return or freeze funds.
  • File a complaint with  www.IC3.gov.

 

It Is Important To Identify Your Complaint As BEC Crime

Also consider including:

  •  Business Name-Financial Institution, and address.
  •  Account number, and beneficiary name.
  •  Beneficiary financial institution, account number, and address.
  •  Dates, and amounts transferred. Also, IP and e-mail addresses.

 

Provide Descriptions Of BEC Incidents

  •  Dates and Times
  • Suspect invoices, or letterheads.
  •  Any secrecy or urgency requests.
  •  Record all unusual phone calls, e-mails, timing of them, ect.
  •  Any unusual foreign accents of callers.
  •  Grammatical errors or poor wording in letters and e-mails
  •  Any previous phishing activity.

The key is to report any activity quickly. This ensures investigations start as soon as possible and keep the data fresh.

If you have any questions or a story you would like to share, leave your comment below and I will get back to you ASAP!

Chas

Find out how to avoid scams and frauds with my #1 recommendation.

Learn How You Can Live Your Dream and Work at Home

Red Button No Credit Card Needed-Wealthy Affiliate sign up

 

 

Leave a Comment