Recently, a cybercrime scam targeting businesses and defrauding companies is on the rise. According to our Fraud Team, Business Email Compromises (BEC) involve the spoofing of an email address, using a look alike email, or Email Account Compromises (EAC) to send emails from a legitimate source. The scam can range from impersonation tactics to false invoices and wire instructions.
How does BEC work?
The scammer poses as someone the recipient should trust, such as a colleague, boss or vendor. They then ask the recipient to make a wire transfer, redirect payroll, or even update banking details for future payments. The scam can be difficult to detect and the emails hard to block using traditional defense filters. This is because the scam typically does not involve malware or links, while also using impersonation techniques or legitimate email accounts.
How to spot the scam:
- High-level executives asking for unusual information or pressing for immediate changes to be made to payment information
- Requests asking you not to communicate the information with others. This is a ruse to prevent fraud detection.
- Requests to bypass normal channels or checks.
- Language inconsistencies, grammatical errors and changes in dates.
- Change in “Reply to” email address. This shows the actual email address being used.
- Slow down! Scammers strike when we are our busiest to avoid detection.
- Know your customers and your coworkers, as well as the types of emails you should be receiving from them.
- When in doubt, contact the person through alternate means to verify the communication is legitimate.
- Lastly, report it.
If you spot one of these scams, report it to the Federal Trade Commission by calling 1-877-382-4357 or by visiting reportfraud.ftc.gov.
If you’re a Merrimack business customer and are concerned your personal or financial information was compromised, please call us directly at 603.225.2793.