If your business sends or receives wire transfers, beware of business email compromise (“BEC”) schemes.
In a typical BEC scheme, hackers gain access to an employee’s email account. They monitor the account until they see email traffic that mentions a wire transfer. The hackers then impersonate or “spoof” the person sending the wire transfer instructions and direct payment to be made to their own account. The names and addresses on the spoofed email may look the same on first glance, but on closer scrutiny, it’s a fake. Shortly after the funds are transferred to the fake account, the hackers transfer the money out. By the time the fraud is uncovered, the money is usually gone.
Such schemes are extremely common. In 2018 alone, the FBI received over 20,000 BEC complaints with adjusted losses of over $1.2 billion.
Protect your business against BEC schemes with the following precautions:
- Avoid free web-based email. Open source email makes your business a target.
- Change your email passwords regularly.
- Implement two factor authentication (i.e., email and phone call) for all wire transfers. Require a follow-up call shortly after the wire is complete to confirm receipt.
- Warn any employees responsible for sending or receiving wire transfer instructions to be on the lookout for any unusual email activity like requests to change wiring instructions or to make payment immediately.
- Ask your bank what precautionary measures it has in place. Consider providing your bank with a list of account numbers associated with repeat vendors and asking it to require additional authorization before sending any transfers to any accounts that are not on the list.
- If you suspect you have become a victim, immediately notify all involved financial institutions and law enforcement. Fast action is critical. Then contact your lawyer.