Have you ever received an email that looks like it is from your boss, your colleague, your vendor, or someone else you regularly deal with asking you to wire money for an additional payroll, an outstanding invoice, or some other request that appears legitimate?
Be careful, it may be a scam. In the past six months, several PCO Bookkeepers clients have reported receiving these types of emails. More disturbing, many of them wired the money, which then disappeared into the scammers’ accounts. To date, we have not seen any of them get their money back.
The FBI calls these business email compromise (BEC) scams. Three of the most common methods include:
- The CEO directs the CFO or bookkeeper to wire money to someone.
- Vendors or suppliers ask that invoice payment be made to a different bank account.
- A senior employee seeks to have his or her pay deposited into a new bank account.
HOW BEC ATTACKS WORK
In the attacks we have seen, the scammers gain control of a legitimate email account. This lets them carry on the back-and-forth conversation while keeping the true owner of the account from ever seeing those messages. In effect, the scammers become the owner of that email account and use it to tell the recipient how much to send and where to wire it. Once the funds are sent, they are quickly drained from the receiving account. At that point, tracking the scammers becomes difficult, as many of them are in foreign countries.
Because BEC scams focus on human judgment rather than technological vulnerabilities, they require employee training in addition to technology adjustments to prevent, detect and respond to a wide range of BEC techniques.
HOW TO PROTECT YOURSELF
To protect yourself and your company from BEC scams, train your employees to look for these signs that an email may not be what it seems:
- A high-level staffer is asking for unusual information. How many owners really ask an employee to wire money and not ask questions because the boss is busy? While most of us will naturally respond promptly to an email from the boss, it is worth pausing to consider whether the request makes sense. Perhaps a phone call to confirm the request is in order.
- The sender requests the recipient to not communicate with others. Impostor emails often ask the recipient to keep the request confidential or only communicate with the sender via email. Here again, a simple phone call to confirm the request by the boss, vendor or other requester usually will expose the scam quickly.
- The request is bypassing normal channels. Most organizations have accounting systems through which bills and payments must be processed, no matter how urgent the request. When these channels are bypassed by an email directly from an executive requesting, for example, that an urgent wire transfer be completed ASAP, the recipient of the request should be suspicious.
- There are language issues and/or unusual date formats. Some of these emails have flawless grammar, while others are written in broken English. Still, European date formats (day-month-year) and sentence construction that suggests the writer is not a native English speaker are common in many of these attacks.
- The email domains and “reply to” addresses do not match the sender’s address. BEC scam emails often use spoofed and lookalike sender addresses that are easy to miss if the recipient is not paying attention.
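As an added illustration of the last sign above (not part of the original article), the small script below checks two things a bookkeeper's mail filter could flag automatically: a "Reply-To" domain that differs from the "From" domain, and a sender domain that is only a character or two away from one the business actually deals with. The trusted domains, the sample message and its addresses are all constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical domains this business legitimately corresponds with.
TRUSTED_DOMAINS = {"example-pestco.com", "example-vendor.com"}


def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance; lookalike domains are usually 1-2 edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_headers(raw_message):
    """Return a list of warnings for the header-based BEC signs in the article."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender, reply_to = _domain(msg["From"]), _domain(msg["Reply-To"])
    warnings = []
    if reply_to and reply_to != sender:
        warnings.append(f"Reply-To domain {reply_to!r} differs from From domain {sender!r}")
    if sender and sender not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < _edit_distance(sender, trusted) <= 2:
                warnings.append(f"From domain {sender!r} looks like trusted domain {trusted!r}")
    return warnings


# Constructed sample modelled on the "vendor asks for a new bank account" scenario.
SAMPLE = """From: Accounts <billing@example-vendor.com>
Reply-To: Accounts <billing@examp1e-vendor.com>
To: bookkeeper@example-pestco.com
Subject: Updated remittance details

Please send this month's payment to our new account.
"""

if __name__ == "__main__":
    for warning in check_headers(SAMPLE):
        print("WARNING:", warning)
```

A warning from this check is a reason to pick up the phone and confirm the request, exactly as the article advises; it is not proof of fraud on its own.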
While employees should be trained to recognize the signs of BEC scammers, one of the most effective technical measures to keep anyone from hijacking an email account is to set up two-factor authentication. This way, whenever someone signs in to an email account, the account's owner must also approve the login by text message or phone call. Many email providers offer this service, and turning it on is paramount to making sure you stay protected.
GORDON owns PCO Bookkeepers, an accounting and consulting firm that caters to pest management professionals throughout the United States. He can be reached at firstname.lastname@example.org.