Feb 27, 2020 | Compliance & Regulation
Preventing business email compromise
A guide by Western Union's fraud prevention team
Fraud affecting businesses ranges from general frauds that target any company to sector-specific frauds. Corporate fraud is any fraud committed against a business.
The media, and the FBI in particular, have highlighted the growing problem of corporate fraud and especially business email compromise. The latest figures from the FBI's IC3* put global business losses to business email compromise since 2016 at over US$26.2 billion. The FBI suspects that reported cases are only a very small proportion of the total and that the true figure is much higher.
Between 2018 and mid-2019, businesses globally lost an estimated US$8.3 billion to business email compromise attacks.
Hong Kong and China are regarded as ‘ground zero’ for such fraud, but most gangs operate from Nigeria and use bank structures elsewhere.
Western Union Business Solutions and fraud
Improving the client end-to-end experience is extremely important to everyone at Western Union Business Solutions (WUBS).
Since 2017 we have extensively developed our fraud detection and investigation capabilities, which has improved our fraud prevention and controls.
WUBS has a dedicated global fraud investigations team to protect the interests of its clients.
The team is highly skilled and includes accredited financial investigators who have dealt with serious and complex fraud and money laundering investigations, organised crime groups, and terrorism.
The team also has many years of experience in both working at Western Union and working with and for law enforcement.
WUBS has a number of stakeholders who assist the fraud team in improving fraud controls and preventing fraud:
• Customer Service
• Account Managers
As part of its role, and drawing on the lessons from its investigations, the team advises on the design of fraud prevention controls and submits recommendations for implementation based on casework. The prevention plan covers areas such as data analysis, process management, policy changes and creation, platform security, business change review, internal and external training, and law enforcement and industry outreach. The team maintains strong links with various law enforcement teams and financial institutions.
Business email compromise
Business email compromise is a form of fraud where a criminal impersonates an individual known to the victim through a business relationship and attempts to coerce the victim into transferring funds.
Other types of business email compromise include:
• Employee account compromise.
• Legal/CEO impersonation and fraud.
• Compromised account – may be used by fraudsters to steal personally identifiable information.
• Fraudsters will also sell compromised account information to other fraudsters to exploit.
What are typical fraud scenarios?
• The fraudsters send an email to an individual in the accounting or finance department of a company, posing as a representative of another company with which the victim is currently doing business, often concerning an open invoice, and requesting a wire transfer.
• The request is likely to include a change to previous arrangements such as a change to the beneficiary name, bank account and location. The fraudsters will often provide reasons for the change in circumstances.
• The unsuspecting employee then initiates a fraudulent wire transfer in the requested amount to the bank account of the fraudster’s choosing.
Business email compromise fraud can occur in many different forms. However, there are four distinct stages. Most compromises occur with the client being deceived into altering the beneficiary details.
The stages are as follows:
• Phishing attempts: A client becomes the victim of a phishing attempt by fraudsters, who thereby gain access to the business email account. The fraudster then looks for an open order requiring payment by the client.
• Impersonation via email: The client then receives one or more emails from the fraudsters, who now impersonate a customer/supplier requiring payment on the open order. The emails ask the client to change the beneficiary bank details and to instruct the company accordingly.
• Payment redirection: The client, having now been deceived, notifies the company of changes to the beneficiary details of one of their customers/suppliers and instructs the company to make the wire transfer.
• Payment sent: The fraudsters, who control the beneficiary bank account to which the transfer is sent, monitor the payment so they can immediately withdraw it, transfer the money to another account they control, or even make card payment transactions.
Business email compromise red flags:
Change of country for the beneficiary bank: The fraudsters will get the client to change the destination of the transfer to a bank account in a completely different country from where the customer/supplier has always previously banked.
Changes to the beneficiary name: The fraudsters will get the client to change the beneficiary details to another company name, a personal name, or a mixture of name and company.
Reason given for change of beneficiary bank: The fraudsters will come up with a sometimes bizarre and illogical business reason for wanting the bank details changed. Common sense dictates that real businesses would rarely, if ever, provide such detail.
Variant or new email address: The fraudsters will use a variant email address very similar to the correct email address on any email wanting beneficiary changes. Sometimes the email address may even be identical.
Inconsistencies in the email, such as: font, spelling, grammar, structure or time.
Invoices provided are not standard or real invoices from suppliers: Look for font changes, poor spelling and/or a smaller file size (e.g. 200 KB instead of 1 MB).
Urgency of the alleged “supplier” during email exchanges: The fraudsters will pressure the client to complete the transaction quickly with constant emails and social media messages.
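The red flags above can be turned into a first-line screening check that accounts-payable staff or a payments platform can run before acting on any beneficiary change. The script below is an added example written for this guide, not Western Union's own code or tooling: it compares an inbound change request against the vendor record on file, flags a lookalike sender domain (edit distance of one or two characters from the known domain), a change of beneficiary bank country, a change of beneficiary name, and urgency language, and always recommends the verbal call-back on the phone number held on file rather than any number quoted in the email. The vendor record, the request and the email text are constructed sample data; the field names, the edit-distance threshold and the urgency word list are assumptions chosen for illustration.

```python
"""Screen a beneficiary-change request against the vendor master record.

Added example for this guide; all data below is constructed, not real.
"""
from dataclasses import dataclass
import re


@dataclass
class VendorRecord:
    """Details held on file for a supplier (constructed fields)."""
    name: str
    email: str
    bank_country: str   # ISO country code of the bank that has always been paid
    phone: str          # number recorded at onboarding, never taken from an email


@dataclass
class ChangeRequest:
    """What the inbound email asks for (constructed fields)."""
    sender_email: str
    new_beneficiary_name: str
    new_bank_country: str
    body: str


# Pressure phrases; an assumed list, extend from your own casework.
URGENCY_WORDS = ("urgent", "immediately", "asap", "today", "right away", "before close")
LOOKALIKE_MAX_DISTANCE = 2  # assumed threshold for "very similar" domains


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def domain_of(email: str) -> str:
    return email.rsplit("@", 1)[-1].lower()


def normalise_name(name: str) -> str:
    """Lower-case and strip punctuation so 'Acme Ltd.' equals 'acme ltd'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def screen_request(vendor: VendorRecord, req: ChangeRequest) -> list[str]:
    """Return the red flags raised by this request (empty list if none)."""
    flags: list[str] = []

    known, seen = domain_of(vendor.email), domain_of(req.sender_email)
    if seen != known:
        dist = edit_distance(seen, known)
        if dist <= LOOKALIKE_MAX_DISTANCE:
            flags.append(f"lookalike sender domain {seen!r} vs {known!r} (edit distance {dist})")
        else:
            flags.append(f"unknown sender domain {seen!r}")
    elif req.sender_email.lower() != vendor.email.lower():
        flags.append(f"new mailbox on known domain: {req.sender_email!r}")
    # An identical sender address raises no flag here, but is not proof of
    # authenticity: the mailbox itself may be compromised.

    if req.new_bank_country.upper() != vendor.bank_country.upper():
        flags.append(f"beneficiary bank country change {vendor.bank_country} -> {req.new_bank_country}")

    if normalise_name(req.new_beneficiary_name) != normalise_name(vendor.name):
        flags.append(f"beneficiary name change {vendor.name!r} -> {req.new_beneficiary_name!r}")

    hits = [w for w in URGENCY_WORDS if w in req.body.lower()]
    if hits:
        flags.append("urgency language: " + ", ".join(hits))
    return flags


def recommend(vendor: VendorRecord, flags: list[str]) -> str:
    """Bank-detail changes are always confirmed verbally on the number on file."""
    if flags:
        return (f"HOLD payment and refer to fraud review; confirm with {vendor.name} "
                f"on {vendor.phone} (number on file, not one quoted in the email)")
    return (f"No red flags, but confirm the new bank details with {vendor.name} "
            f"on {vendor.phone} before paying")


# Constructed sample data.
VENDOR = VendorRecord("Acme Components Ltd", "accounts@acme-components.com", "GB", "+44 20 0000 0000")
SUSPECT = ChangeRequest(
    sender_email="accounts@acme-cornponents.com",      # 'rn' substituted for 'm'
    new_beneficiary_name="Acme Components Ltd and J. Smith",
    new_bank_country="HK",
    body="Due to an audit we have changed banks; please pay the attached invoice "
         "to the new account today, it is urgent.",
)

if __name__ == "__main__":
    found = screen_request(VENDOR, SUSPECT)
    for f in found:
        print("RED FLAG:", f)
    print(recommend(VENDOR, found))
```

Run against the constructed request, the script raises four flags (lookalike domain, country change, name change, urgency) and recommends a hold; a request with no flags still gets the instruction to confirm by phone, because the email itself is never treated as sufficient authority for a bank-detail change.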
How to protect yourself from business email compromise
Business email compromise attacks are successful for three main reasons: insufficient security protocols, social engineering and lack of employee awareness.
• Implement a complex email password policy
• Require email password changes
• Limit personal information on social media/websites
• Avoid responding to general email traffic
• Enable multi-factor authentication
• Do not keep company passwords in email
• Keep records of phone numbers, contact details and email addresses for your clients/customers
• Never just trust the contents of an email
• Always confirm beneficiary bank details verbally
What to do if you suspect you are a victim of business email compromise
• Do not email or provide any further details to anyone you suspect of being a fraudster
• Do not send any money until you are satisfied that the matter has been resolved
• Contact your real customer/supplier to check whether they sent instructions to change a bank account
• If you are a customer of Western Union Business Solutions contact your account manager or our service centre on 08000960172.
*IC3 – Federal Bureau of Investigation Internet Crime Complaint Center. www.ic3.gov
© 2020 Western Union Holdings, Inc. All rights reserved.
This brochure is a financial promotion and has been prepared and approved by Western Union International Bank GmbH, UK Branch. The information contained within this brochure does not constitute financial advice or a financial recommendation, is general in nature and has been prepared without taking into account your objectives, financial situation or needs.
Western Union Business Solutions is a business unit of the Western Union Company and provides services in the UK through Western Union’s wholly-owned subsidiary, Western Union International Bank GmbH, UK Branch (WUIB).
WUIB (Branch Address: 131 Finsbury Pavement, London, EC2A 1NT) is a branch of Western Union International Bank GmbH (registered in Austria, company number FN256184t, VAT Number ATU61347377, with its registered office at The Icon Vienna (Turm 24), Wiedner Gürtel 13, 100 Vienna, Austria), which is licensed by the Austrian Financial Market Authority (Finanzmarktaufsicht).
WUIB is subject to limited regulation by the UK Financial Conduct Authority and Prudential Regulation Authority. Details about the extent of WUIB’s regulation by the Financial Conduct Authority and Prudential Regulation Authority are available from WUIB on request.
This brochure has been prepared solely for informational purposes and does not in any way create any binding obligations on either party. Relations between you and WUIB shall be governed by the applicable terms and conditions. No representations, warranties or conditions of any kind, express or implied, are made in this brochure.