FBI offers new warning, tips for avoiding business email scams
By Lucie Huger
As if life is not difficult enough these days with the impact of the COVID-19 pandemic, this week the FBI issued a warning related to an increase in business email compromises, referred to as BEC.
In general, a BEC targets those whose job responsibilities relate to managing company money or paying legitimate company invoices. In a typical BEC scheme, a person with such delegated company responsibilities receives an email from a person or company with whom they have conducted business. This email often makes an urgent request that banking information be immediately changed, and it either requests that funds be paid to a new banking account or alters existing payment processes. This often relates to wire transfers. In the recently issued notice, the FBI noted the following recent examples of BEC scam attempts related to COVID-19:
- A financial institution received an email from the alleged CEO of a company who had previously scheduled a transfer of $1 million requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address, with only one letter changed.
- A bank customer was emailed by someone claiming to be one of the customer’s clients in China. The client requested that all invoice payments be changed to a different bank because their regular bank accounts were inaccessible due to “Corona Virus audits.” The victim sent several wires to the new bank account for a significant loss before discovering the fraud.
The FBI noted the following red flags that signal BEC scams:
- Unexplained urgency
- Last-minute changes in wire instructions or recipient account information
- Last-minute changes in established communication platforms or email account addresses
- Communications only in email and refusal to communicate via telephone or online voice or video platforms
- Requests for advanced payment of services when not previously required
- Requests from employees to change direct deposit information
The FBI also recommends the following tips to help protect against BEC scams:
- Be skeptical of last-minute changes in wiring instructions or recipient account information.
- Verify any changes and information via the contact on file — don’t contact the vendor through the number provided in the email.
- Ensure the URL in emails is associated with the business it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.
If you need assistance because you are concerned that your company’s information has been compromised or if you’d like to discuss how to best protect your company from falling victim to these scams, we are here to help. Please contact Lucie Huger or any of the attorneys in Greensfelder’s Privacy & Data Security group.