Business Email Compromise Fraud

#BECareful - don’t let scammers trick you into making payments to their accounts

Criminals hack into email systems or use social engineering tactics to gain information about corporate payment systems, then deceive company employees into transferring money into bank accounts the criminals control.

BEC campaign

Protect your corporate systems from hacking attempts

  • DO use anti-virus, firewall and other tools and scan computers and devices regularly to prevent malware infections.
  • DO keep your personal and business computers up to date: pay attention to security alerts, update security patches, conduct periodic systems checks.
  • DO make sure that your email accounts are well protected and don’t share the passwords.
  • DON’T click on attachments or links you aren’t expecting, even if they have innocuous-sounding names (invoice, for example). They often contain malware that gives criminals access to monitor your email and computer activity.
  • DO enable spam filters and block all access to suspicious or blacklisted websites.

Be wary of suspicious or unexpected ‘urgent’ payment requests or changes

  • DO look carefully at the sender’s email address. Criminals often create an account with an email address very similar to that of your business partners, so keep your eyes peeled!
  • DO spread the word so any colleagues dealing with bank accounts are aware of the scam.
  • If you receive an email concerning a change of payment method or bank account, DO contact the payment recipient through another channel (phone) to verify this claim. DON’T reply directly to the email.
  • DO verify the authenticity of websites before providing any personal or sensitive information.

Avoid becoming a target

  • DON’T post sensitive or personal information on social media. This can be used by fraudsters to target you.
  • DO shred all confidential documents and dispose of them properly.
  • DO use different passwords for every account, change them regularly and enable two-factor authentication on all your accounts whenever possible.
  • DO use strong passwords which include numbers, symbols, capital and lower-case letters.

I paid the money – now what?

  • Gather all documentation regarding the transaction and emails/invoices received and DO report the incident as soon as possible to your local police.
  • DO immediately alert your bank to the fraudulent transaction. The bank should immediately try to recall the funds.
  • DO consider consulting a civil lawyer in the country where the money was deposited into the beneficiary bank account. This may help in approaching the bank to try to recover the money and/or in launching a civil complaint against the account holder.