How a highly targeted business email scam is causing big losses


David P. Werner
President and CEO
Park Bank

The latest scam is catching CEOs unaware by using their name to trick employees into wiring money to fraudsters.

Cyber criminals are attacking businesses in our area with a twist to the old-fashioned email scam. They’ve discovered the effectiveness of target marketing and personalization. Nationally, the FBI reports that over 8,000 companies have lost an average of $150,000 per incident.

Called the Business Email Compromise (BEC) scam, it starts with a message that appears to be sent from a company’s CEO or CFO to trick employees into wiring money to fraudsters. No business is immune from being targeted, including a bank. In fact, our CFO recently received two such fraudulent emails. We have replicated one of the requests below.

[Image: replica of the fraudulent email request]

We have seen other fraudulent emails contain all of the specifics of the wire transfer – the beneficiary, the account number, the amount and the ABA number – so that the targeted employee had all the information they needed to send the wire without having to verify any information. In our case, our CFO was tipped off to the fake email based on multiple factors, highlighted below.

[Image: the fraudulent email with the warning signs highlighted]

Increase your employees’ attentiveness to the BEC scam by adopting these five simple-to-implement practices:

  1. Check to see if the request is consistent with how earlier wire payments have been requested.
    • How often does the CEO or CFO directly request a wire payment?
    • Are requests typically submitted when traveling (these attacks often are timed when the executive is out of the office)?
    • Is the payment consistent with earlier wire payments – including the timing, frequency, recipient, and country to which prior wires have been sent?
  2. Verify the identity of the person requesting the funds transfer by using an alternate mechanism.
    • If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation. Or, forward the email (instead of replying) to a known email address. Don’t reply to the email or use the phone number in the email.
  3. Slow down. Fraudsters gain an advantage by pressuring employees to take action quickly without confirmation of all the facts.
    • Be suspicious of requests to take action quickly or email subject lines that include “urgent.”
    • Look for grammatical errors or small changes in email addresses that try to mimic legitimate ones, such as abc-company.com vs. abccompany.com or .co vs. .com.
    • Alert receptionists, administrative support and others not to provide an executive’s travel schedules over the phone to unknown callers or via social media.
  4. Implement dual approvals for financial transactions. If you do not have written procedures, develop them. Avoid having the two parties responsible for dual approvals in a supervisor/subordinate relationship as it could undermine the effectiveness of the process.
  5. Use a purchase order model for wire transfers to ensure that all payments have a reference number that can be verified before approval.
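
The lookalike-address check from practice 3 can be automated at the mail gateway or in a mailbox rule. The following is an added example, not part of the original article: it compares the sender's domain with a list of known-good domains and flags hyphen variants, TLD swaps and near-miss spellings. TRUSTED_DOMAINS, the two-edit threshold and the sample From headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED_DOMAINS = {"abccompany.com"}  # assumption: your organisation's real domain(s)
MAX_EDITS = 2                         # assumption: how close counts as a near miss

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(domain):
    """Naive split at the last dot: 'abccompany.com' -> ('abccompany', 'com')."""
    name, _, tld = domain.rpartition(".")
    return name, tld

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for the address in a From header."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "unparseable", "no sender domain found"
    if domain in trusted:
        return "trusted", "exact match"
    name, tld = split_domain(domain)
    for good in sorted(trusted):
        gname, gtld = split_domain(good)
        if name == gname and tld != gtld:
            return "lookalike", f"TLD .{tld} instead of .{gtld}"
        if tld == gtld and name.replace("-", "") == gname.replace("-", ""):
            return "lookalike", f"hyphen variant of {good}"
        if edit_distance(domain, good) <= MAX_EDITS:
            return "lookalike", f"within {MAX_EDITS} edits of {good}"
    return "external", "not similar to a trusted domain"

# Constructed sample From headers, not taken from a real message.
SAMPLE_FROM_HEADERS = [
    "Dave <dave@abccompany.com>",
    "Dave <dave@abc-company.com>",
    "Dave <dave@abccompany.co>",
    "Dave <dave@abccornpany.com>",
    "Billing <billing@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to verify the request through a known phone number, as practice 2 describes; a "trusted" verdict says nothing about whether the real account has been taken over.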

Cyber insurance does not necessarily cover losses due to business email compromise because of an exclusion clause stating there is no coverage for “voluntary parting,” even if the employee was duped. To understand your policy or to inquire about cyber insurance, check with your insurance agent.

Source: Bank Investment Daily, www.pcbb.com

For a comprehensive list of strategies for detecting and preventing the BEC scam, download the guide and share it with all employees.
