Business Email Compromise

Email has become one of the most common and dangerous ways that people are exposed to fraud in the current business environment.

Global research from the FBI’s Internet Crime Complaints Center shows that businesses lost $26.2 billion in just three years (2016 to 2019).

Typically, email fraud starts with a phishing scam. The fraudster sends a link by email that when clicked, allows access to the computer. Then, they track down confidential information on invoices. Armed with that information, they make a request to change the banking details to fraudulently redirect the payment.

A business that falls victim to this scheme typically loses about $34,000. But of course, these crimes can cause more than just financial damage. They can affect a business’s reputation with suppliers, partners and the market at large.

Here’s the surprising truth. Email fraud is not a sophisticated crime. It’s a simple fraud that preys on human frailties. The good news, however, is that it can be prevented.

Generally speaking, email fraud can occur as a result of the following:

  • A myth that it is a sophisticated crime beyond anyone’s control.
  • A misunderstanding that virus software is enough to prevent it.
  • A lack of due diligence and rigorous approval processes for changes to customer and supplier payment information.
  • A mistaken belief that your institution or sector will not be targeted because fraudsters will seek more lucrative targets.
  • A mistaken trust in government documents as proof of identity.

Given these myths and misunderstandings, here are some questions to ask to help prevent your customers from falling victim to fraud:

  • Is someone asking them to redirect an invoice payment to another country?
  • Is someone asking them to change the company or personal name on a payment?
  • Is someone telling them a story about why they suddenly need to change the payment instructions on an invoice? For example, saying that they have a new bank or problems with their bank.
  • Is someone asking them to change the email associated with a payment to a similar but slightly off-kilter email address?
  • Has an updated invoice been issued with different payment instructions?
  • Is there a sense of urgency about a change that is being requested regarding a payment? Do they feel pressured?

If you or your staff notice any of these red flags, stop immediately. Direct your customers to get in touch with their known supplier contact regarding the invoice.

During these unprecedented times, everyone should be rigorous and cautious about making any changes regarding payments. Our team is on standby ready to provide any additional support to your institution during this time. Please do not hesitate to contact us if you have any questions or concerns.