Through our work in cyber and information security, we have formed relationships with professionals at Secure the Village and Citadel Information Group. They have kindly allowed us to post on our blog site some of the articles they have authored about cyber security. This article provides a great overview of the business email compromise scam and how to avoid being taken in by it.
Business E-mail Compromise: Don’t Be a Victim
By Stan Stahl, PhD, President of Citadel Information Group, Inc. & Founder and President of Secure the Village
What to Do: Implement very strong controls on wire transfers
Assume all email or fax requests from a vendor to change bank accounts are fraudulent. Assume all email or fax requests from the company President or others are fraudulent. Assume all email or fax requests to set-up a new vendor are fraudulent. Pick up the phone, call the party in question and verify the request is legitimate.
If you discover you are a Business Email Compromise victim, immediately contact the FBI’s Southern California Cyber Fraud unit at email@example.com. They have established banking relationships and are often able to recover funds if they are notified within 72 hours.
And talk to your banker. Make sure they have your back.
It’s also a good idea to check with your insurance broker to ensure that business email compromise losses are covered.
Not too long ago, email scams were relatively easy to detect. They were often from unknown contacts and referenced bank or credit card information which was clearly incorrect. Sometimes, the emails would simply contain a link. As time has passed, fraudulent attempts to gain control of your online banking, your critical information, and your identity have become more skillful and harder to spot. These days’ emails often appear to come from recognized accounts, are well written, and–at least at first glance–seem legitimate.
The newest — and one of the costliest — in a long line of fraudulent e-mail scams is “Business E-Mail Compromise” (BEC).
Business Email Compromise (BEC) is a very sophisticated attempt to induce a business to willingly hand over their money to a cybercriminal. In Business Email Compromise (BEC), crooks spoof communications from executives or vendors at the victim firm in a bid to initiate unauthorized wire transfers.
According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015. Business Email Compromise cost Ubiquiti Networks $46 million.
Collectively, Business Email Compromise has resulted in actual and attempted losses of over a billion dollars worldwide. The FBI reports, “…since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad.”
BECs can target businesses working with foreign suppliers or regularly performing wire transfer payments, although they have also targeted some that do not strictly fit this criterion. In order to solicit unauthorized transfers of funds, the scams compromise legitimate business e-mail accounts through social engineering or computer intrusion techniques. Prior to making contact, the scammers learn enough about their target to create emails that use language specific to the company and request wire transfers that seem legitimate.
For more information on BECs, see https://www.fbi.gov/news/stories/2015/august/business-e-mail-compromise/business-e-mail-compromise and http://krebsonsecurity.com/2015/08/fbi-1-2b-lost-to-business-email-scams/
Linking to Non-Regents Bank Websites
This icon appears next to every link that directs to a third party website not affiliated with Regents Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Regents Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Regents Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.
For the businessperson on the go, Online Banking Services from Regents Bank offers safety, secure and convenience for our business banking clients. You have complete access to your account 24 hours a day, 7 days a week.
Online Banking with Regents offers you:
- Immediate access to your business checking account and commercial loan balances
- Real time data on which checks and deposits have been posted to your account, as well as electronic images of checks and deposits posted
- Electronic Bill Pay – no more post office lines or stamps to buy
- Downloadable information into your business accounting system (i.e. QuickBooks)
- The ability to transfer funds between your Regents Bank accounts
- Stop Payment Requests
- Issuance of Wire Transfer instructions
- Private Email messaging to Regents for account inquiries
- Check re-ordering
- Viewable and downloadable copies of your Regents Bank statements
Electronic Statements (E-Statements) from Regents give you 24/7 access to your monthly statements, anytime and anywhere. No more paper statements, protection from mailbox theft and are environmentally friendly. If you decide you’d like a hard copy of a particular statement you can just hit the print button on your computer or contact us and we’ll get your paper statement to you promptly.
Current customers can enroll simply by logging in and clicking on “E-Documents” at the top of the home page. The instructions will then walk you through. As always, we’re here to help and answer any questions you have about E-Statements and the enrollment process. Your E-Statement will then be available for your next statement cycle. Our business banking clients’ statements and notices can be e-mailed to up to three additional recipients to facilitate the flow of important financial information within the business.
Current Regents Bank customers can sign up for Online Banking by completing a simple form at any branch or calling (858) 729-7700. To open a personal or business checking account, please visit one of our offices, which are conveniently located throughout San Diego County in La Jolla, Carlsbad, downtown San Diego, El Cajon and Vancouver, WA. It will be our pleasure to work with you personally and help you select the account that is right for you.