Current Risks
What would you do if an executive in your company contacts you directly by email and gives you instructions to wire money for a business expense? Many would satisfy the request immediately and move on to the next task at hand. Fraudsters know this and are using this type of strategy to steal millions of dollars. It is known as Business E-mail Compromise (BEC).
This type of scam is being perpetrated on a global scale and targets those responsible for the movement of money within a company by instructing them to wire a large sum to a specific account. The email containing this request appears to come from an executive within the organization, lending validity to the scam and creating a sense of urgency. The fraudulent email may even attach a very realistic-looking invoice or wire transfer instructions. The scam usually requests an email confirmation when the transfer is complete, which enables the fraudster to withdraw or move the funds immediately, negating the ability to recover the dollars.
Because these scams can look very professional, contain legitimate-looking documentation, and appear to come from a known company executive, many savvy business professionals have fallen victim to this crime.
Best Practices
To help mitigate the risk of Business Email Compromise, we suggest implementing the following practices:
- Be suspicious of requests for secrecy or pressure to take action quickly, even if the request is from someone you know and trust.
- Validate the legitimacy of an email request by personally speaking to the requester prior to executing any wire transfer.
- Avoid free web-based e-mail. Instead, purchase a company web site domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
- Be careful regarding posts to social media and company websites, especially job duties/descriptions, hierarchical information, and out-of-office details. This information is frequently used by the fraudster to help legitimize their requests.
- Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been on a company e-mail, the request could be fraudulent.
- If something seems odd, stop and validate the legitimacy of the request. In most cases, once funds are wired, they are very difficult to retrieve.
If you would like additional information on this threat or ways in which your company could help mitigate the risks, please contact your Fifth Third Bank Relationship Manager.