Protect Yourself from Business Email Fraud
Business Email Compromise is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds.
Fraudsters are great actors, they can impersonate the people at work we trust the most. Fraudsters can take on a variety of identities to try and deceive their target. To deceive their target, fraudsters impersonate a CEO or other senior executive with instructions to make urgent payment. Or, they pretend to be a supplier and convince an employee to replace actual suppliers bank details with bank details belonging to the scammer. They may even disguise themselves as a member of the IT team to trick employees into providing security credentials.
Business Email Compromise scams are on the rise. In fact, between June of 2016 and December 2021, over $43 billion dollars in losses were reported to the FBI due to Business Email Compromise. (Source: ic3.gov).
But there are things you can do to protect yourself.
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
To report spoofing or phishing attempts—or to report that you've been a victim—file a complaint with the FBI's Internet Crime Complaint Center (IC3).
To learn more about fraud protection services available to businesses, visit the Fraud Protection section of our website.