A business email compromise often occurs within companies that transact with multiple vendors and suppliers. These compromises happen when a scammer poses as a trusted business leader within an organization and sends a fake invoice or request for payment information to be updated. It can also occur when a scammer acts as if they are a leader or boss within a company, asking an employee to wire funds or make a payment with a sense of urgency. By the time the boss or manager is there to discuss this in person, it’s usually too late to cancel or stop the funds from reaching the scammer.
Warning Signs of Business Email Compromise
- Look for any spelling or grammar errors in the email address, URL or correspondence. Scammers might use slight differences to trick you and attempt to gain your trust.
- Fraudsters typically will not include a real name within their email. Generic terms like “Dear”, “Sir”, “Ma’am”, “Customer”, etc. will be used because the fraudster doesn’t know real names and is usually sending mass emails to other email addresses at the same time.
- A scammer might be pressing you to act quickly and send funds immediately.
- Since it’s not uncommon for an invoice to be sent over email, fraudsters do this to bet on getting your money. If an attached invoice doesn’t look familiar, or even if it does, always double-check it’s legitimate before making a payment.
How to Protect Yourself
- Be mindful of what information you’re sharing online. Pet names, schools you’ve attended, links to family members and your birthday can give a scammer all the information they need to detect your password or answers to security questions.
- Set up two-factor (or multi-factor) authentication on any of your accounts that allow it.
- Flag external emails to add a visible indicator to employees that the email is from an external source and they need to be cautious. Additionally, be wary of email attachments.
- Always verify invoices before payment. If you receive a payment or purchase request, call the person or company using a phone number you trust to make sure it’s legitimate and verify any account number or payment procedure. This also will help other companies find out if fraudsters are using their information to spoof and target their customers.
- Similarly, if you receive an email asking you to update or verify account information, look up the company’s phone number on your own and call the company to confirm the request is legitimate.
- Ask your local branch about how Positive Pay can be used to help monitor your account. This automated tool can detect and prevent check and ACH fraud. By reviewing the checks and ACH transactions online daily, you can ensure payment details are accurate prior to approving an item.
We're here to help!