Over 80% of businesses report being targets of attempted or actual payment fraud in 2019. The survey conducted by J.P Morgan discovered that Business Email Compromise (BEC) was the largest reported source of attempted or actual payment fraud attacks last year.
Written on April 7, 2020 by Xeinadin Group
BEC is a ticking timebomb in this current climate that could threaten your business. With everyone working remotely due to Coronavirus, this has forced businesses to change their working hours and how they perform their normal day to day operations. Amshire have already seen a number of emails to our customers preying on their vulnerability during these challenging times.
Invoice Fraud is another threat to look out for. This is where you receive an email with an invoice. You might then get a follow up email to say that the bank details have recently changed. Please pay the invoice using these new details. Do not take any requests to change payment details on face value that come via email.
So how does BEC fraud work?
Typically, someone in accounts will get an email that is supposedly from the business owner or Chief Exec. This information is easy to get from the likes of LinkedIn, Companies House or even your own website.
The email display name will have that person’s name and email address in it so it looks legitimate. Hidden behind the email though the email address will be completely different. It will go to somewhere else like Gmail, outlook.com or for the more sophisticated they might setup a similar domain but replace letters for numbers or vice versa.
An email conversation is then had between the employee and the criminal fraudster. At some point a request will then be made to pay someone. The payment will then be made, it will not be until later that anyone will discover that the company has fallen victim to this BEC fraud.
How can I protect my Business?
- Look out for emails asking for payments. Simple emails with text similar to “Can you still make a payment for me now?”
- Put extra steps in place to check and double check any requests for payments to be made. Do not rely on email for verification. Why not use the phone and speak with the business or person to confirm the request? It is far better to delay and check than fall victim to fraud.
- Delay making the payment. Do not feel pressured to make the payment without first checking. This is exactly what the fraudsters don’t want you to do, they want your hard-earned money.
- Train your employees. Now is a great time to get employees to complete online Cyber Security training. This will help educate employees on how to spot and flag up suspicious activity. This will not only help to protect the business but also the employee and their online accounts.
- If in doubt speak to an IT security expert. They can help check the email and see where it has come from.
If you’d like support protecting your business from cyber crime, speak to our specialist Cyber Wise team on 0161 476 8276 or email firstname.lastname@example.org.