It is well documented that cybercrime attacks are rapidly on the rise, especially against small businesses. And as cybercriminals continue to develop increasingly stealthy and sophisticated tactics, unsuspecting employees are among the most frequently targeted victims.
Business Email Compromise (BEC) schemes, also known as CEO fraud, are a cybercriminal favorite. Through a successful phishing scheme or by simply visiting a public domain, scammers typically familiarize themselves in advance with knowledge of a target business’ policies and management roles. They will often then attempt to first gain the trust of an employee before eventually duping him or her into transferring fraudulent payments.
Using any inside information they’ve obtained, scammers will generate a fake email designed to appear coming from a senior management member requesting a financial transfer be made to a private account, while promising to send an invoice at a later time (which never comes). The scammers will often even ask victims if they are in the office or sitting at their desk before engaging in a discussion on how to complete a transfer. Once this occurs, the money of course does not get transferred within the organization, but rather into the accounts of online criminals. According to the FBI, CEO scams have resulted in an estimated loss of $3.1 billion.
To avoid becoming a victim of business email fraud, always be suspicious of emails demanding action not in line with your company policy,including communication appearing to be sent and authorized by senior management. Users are also urged to not click Reply if they believe the message looks suspicious. Instead, write and send a new message directly to the known corporate address of the person claiming to have sent the original message. This will remove any potential scammer from further communication.