A Business Email Compromise (BEC) is a type of cyber scam that targets businesses that regularly conduct wire transfers. The scammer gains access to an email account belonging to an employee (often from the finance department) to learn about the business's vendors. The scammer then sends a fraudulent request for a wire transfer payment to the vendors. The vendor is tricked into sending money to an account controlled by the scammer.
BEC is also known as CEO fraud, as scammers also target CEOs and other individuals in the C-Suite of businesses. Why? Often, these are the faces of the company who have information posted about them on the company website. This allows the scammer to research the target before sending a phishing email, one the victim may not otherwise be wary of, to gain access to an email account.
What to look for:
- Emails and phone calls to employees with requests for their account username and/or password
- An email address that has slight variations from the legitimate address (e.g., firstname.lastname@example.org instead of email@example.com)
- Unusual requests from a supplier to make a wire transfer (e.g., requests to bypass normal payment procedures or to only communicate by email)
- Check and double-check the owner of the email address. You can easily do this by clicking on the email address in the email header to identify the sender (e.g., the sender looks like firstname.lastname@example.org; however, when you click on the email address, it looks like email@example.com)
How to Report:
If you or your company fall victim to a BEC scam, it’s important to act quickly: