illustration of computer screen with email message
Category: Fraud Prevention

Business Email Compromise Basics

Learn the three steps that can help fight the No. 1 type of fraud most businesses face.

By Jeff Taylor |

October is Cybersecurity Awareness Month, a collaborative effort between government and industry to raise understanding nationally and internationally. This year’s theme is “See Yourself in Cyber” – and all month long, Regions will be providing tips, information and resources on how you can stay cyber aware to make smart decisions that keep you, your family and your community safe online.

What is the No. 1 fraud vector impacting businesses and consumers? Business email compromise, or BEC.

Businesses across the world are affected as fraudsters create seemingly legitimate requests for a change in payment instructions, a new payment, or even a redirection of the direct deposit of payroll for an employee.

Each iteration of business email compromise has its own nuances and attack vectors.

Take a minute to look at each one:

  • Executive Impersonation

    The oldest form of BEC, this tactic involves the impersonation of a trusted authority figure like a C-suite executive, an attorney or manager. The fraudster creates an email that appears to be originated by the trusted authority requesting a new payment or a change to an existing payment. The fraud may utilize one of the free email services with an address that mimics one that might be associated with the trusted authority. The request may indicate the executive is working from home or traveling and using a personal email address to request the change. In fact, it is the fraudster making the request to redirect a payment to an account they control.

  • Vendor Impersonation

    This BEC tactic is very similar but involves the impersonation of either a current or new vendor making the request. In many cases, the fraudster may have compromised the vendor’s email and has “nested” themselves in the platform to monitor activity. At some point, the fraudster will insert themselves into the conversation, request the change, then redirect email traffic to an external email account. In some cases, the fraudster may request that additional services, like money movement products, or additional users, be added to their profile. When this happens, it puts both the business and the employee at risk.

  • Employee Impersonation

    These BEC cases typically involve the use of a compromised or counterfeit email account designed to impersonate an employee. Using email, the fraudster requests a change to, or initiation of, direct deposit of payroll to a new account number. Once the request is processed, the next payroll is credited to the new account controlled by the fraudster. The transaction amounts are usually smaller than vendor payments but have a significant impact on the employee and employer.

 

While there are a number of red flags and characteristics indicating business email compromise, it is still difficult to identify a well-crafted email request. Fraudsters have become much more adept at researching their victims and impersonating them in ways that may seem legitimate.

One way to help avoid becoming a victim is to employ a simple technique endorsed by the industry called STOP-CALL-CONFIRM.

 

stop call confirm


When you receive an email requesting a change in payment instructions; the addition of services like wire, ACH, or administrative access; or a request to create a payment:

  • STOP what you are doing and review the email address for any discrepancies or anomalies.
  • Pick up the phone and CALL the requestor at a number you know (don’t call the number in the email or respond to the email because you will likely be corresponding with the fraudster).
  • CONFIRM the request as legitimate.

 

It can take less than five minutes to make the call.

Every one of us can help prevent fraud by embracing the 2022 Cybersecurity Awareness month theme “See Yourself in Cyber”. No matter what role you play, you can help take steps to protect your online information and privacy.

Be fraud-aware and take a risk-based approach with these types of requests. You’ll be glad you did!

 

Learn more about common fraud scams affecting businesses today and how to protect your business from internal and external fraud in the Next Step webinar “Fighting Business Fraud: Prevention & Awareness Tips.

 

Read more about fighting business fraud on Doing More Today:

 

The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD, or speak with your Banker for further information on how you can help prevent fraud.

Trending Articles

Related Articles