It can be as simple as an email that looks like it’s from the CEO. Or it can be as complex as someone hacking a company’s operating systems and draining its accounts. Or it can be something that just doesn’t seem right when a request to move money comes through, like in this example from the FBI.
Regardless of the tactic, the result is often the same. In rough numbers, when crooks carry out wire fraud schemes, the cost is more than $100,000 per incident, on average.
Since last year, Regions and law enforcement have seen a significant increase in wire fraud. One of the most common scams is known as business email compromise (BEC). According to the FBI’s Internet Crime Complaint Center (IC3), fraud from BEC increased by 136 percent between December 2016 and May 2018 – with total losses of more than $12 billion nationwide.
Business Email Compromise happens when someone poses as a customer, as a business executive or another employee of a corporation.
Sometimes, the criminals may have obtained company information or compromised a computer or email or payment systems. This gives them what appears to be inside information. Then, the fraudster – often pretending to be a customer, vendor or employee — pressures someone in the company to hand over information, quickly pay an invoice or complete a wire transfer, usually citing some urgent deadline or insisting wire payments would be easier than other types of payments. It may seem legitimate enough – with an invoice or wire transfer account, even an email signature.
“To defeat business email compromises, the first thing is to authenticate — who, what, when and why? Verify and make certain what is received is what was expected. If it is not, question it,” said Don White, head of Regions Corporate Security.
In its simplicity and urgency, business email compromise and associated wire fraud play on people’s desires to be helpful and responsive, while short-circuiting controls and verifications normally in place. There are ways, however, to spot and stop this type of fraud. Follow these suggestions from law enforcement:
- Avoid filling out forms in email messages that ask for personal information.
- Never respond to spam as this will confirm to the sender that it is a “live” email address.
- Be cautious when dealing with individuals outside of your own country.
- Don’t trust a site just because it claims to be secure.
- Be watchful of spelling errors, grammar problems or inconsistent information.
Be sure to verify your sources:
- Is the communication consistent with others from the same source?
- If this is presented as an urgent request – why is that? Is the request, or payment, directed to someone who typically doesn’t receive these communications? How come?
- Hover over email addresses and links to help determine if they are truly from expected sources.
- Attempt to obtain a physical address, rather than a P.O. box or maildrop.
- Contact the actual business that supposedly sent the email to verify if the email is genuine.
The best defenses against fraud are knowing your customers well and having processes, with checks and balances and verification procedures, in place. If you believe something is questionable, follow your instinct; taking some time to verify if something is legitimate may be the best investment you can make in terms of protecting your business.
Also, understand that you aren’t alone. If you suspect something or discover fraudulent activity, act quickly. Contact your bank. Contact law enforcement. And get the process of disputing any transactions started.
“Regions is committed to our customers and to mitigating fraud and loss. And we need everyone’s help,” White added. “Every day, every night, every holiday, we have teams working behind the scenes to make certain that we mitigate, identify and prosecute all the criminals involved in financial crimes.”
See this page from Regions.com for more tips and information designed to help prevent fraud. Further, this page from Regions has more information on what you can do if you believe you are a victim.