Business Email Compromise (BEC) is a type of email cyber-crime scam in which an attacker targets a business to defraud the company. Business Email Compromise is a large and growing problem that targets organizations of all sizes across every industry around the world. BEC scams have exposed organizations to billions of dollars in potential losses.
BEC generally happens when one business is making a payment to another. The initial agreement is legitimate, but the correspondence between the two parties can be intercepted and slight changes made to email addresses and account payment information.
Tips to protect yourself and your business:
- Be wary of last-minute changes to email account addresses
- Be wary of last-minute changes to account payments (for example: instead of sending a certified cheque, please wire transfer your payment to a specific account)
- Always check the details of email addresses for subtle changes (I instead of 1)
- Before sending large sums of money, it is best to confirm the details over the phone to ensure you have accurate information.
Other variations of the scam (I just copied and pasted this)
Gift card variation
When targeting a business, a scammer sends an employee an email that appears to come from the owner, the president or another high-ranking employee. The email claims the boss is working offsite and needs help to buy gift cards for employee rewards or birthday gifts.
When targeting an individual, a scammer sends an email from a compromised and/or spoofed email account that appears to come from a known contact, such as a family member or friend. The email claims that the sender needs assistance to buy gift cards for birthday gifts or something else.
Wire transfer variation
In this variation, the email directs the employee to send an urgent, large wire transfer (e.g., more than $100,000) to a foreign account.
Financial industry client spoof
A scammer targets financial institutions, investment brokers and financial dealers with a spoofed email that appears to come from an existing client. The email directs the business to do an urgent wire transfer, usually to a foreign account.
Head office spoof
A scammer calls a franchise business and claims to be from the head office. They tell the employee who answers the phone that there are problems with one of the financial products offered, such as gift cards or money transfer services. They ask the employee to select some prepaid cards, activate them, and provide them to the scammer. The scammer may also ask them to conduct a series of money transfers.
A scammer sends an email that appears to come from an existing employee. They request a change to the employee’s direct deposit information. This tricks the company into depositing the employee’s paycheque into a fraudulent account.
A scammer targets businesses that have an existing relationship with a supplier, wholesaler or contractors. They send a spoofed email informing the business of a change in payment details. The email provides new banking information. It requests that the business make future payments to this “new” account.