According to the 2019 AFP - Payments Fraud and Control survey report:
- 80% of organizations experienced Business Email Compromise (BEC)
- 54% of organizations reported financial losses as a result of BEC
- 70% of BEC scams targeted checks, followed by wires at 43%
Business Email Compromise occurs when a legitimate business email address is fraudulently taken over. The fraudster can then use the email address to send requests to Wire/ACH money to the account of the fraudster. In some situations, the fraudulent email account can be used to "redirect" legitimate payments.
For example, if ABC Company is preparing to pay an invoice, and they receive an email from what appears to be from the vendor, informing that their bank account information has changed, this could be an attempt to send the payment to the account of the fraudster.
What steps can a business take to protect against Business Email Compromise:
- Awareness - train employees to be aware of possible suspicious emails.
* Incorrect spelling, font, or punctuation.
- Validate, Validate, Validate! - when receiving an email that contains payment instructions or when receiving an email that changes payment instructions, always call the customer/vendor to verify, even if it appears to have come from the correct email address. DO NOT use the contact information in the requesting email. Contact your verified partner with the contact information you have on file.