Someone in your organization gets an email they think is from the big boss. Following orders, that employee does what they are told. They might be asked to go buy gift cards or wire money to “their boss.”
After all, the boss needs that money quickly and the employee wants to do the right thing.
Instead of doing the right thing, that employee has just cost the company money that it might not recover. The business has just been victimized in what is called a Business Email Compromise (BEC) scam.
Unfortunately, that business is not alone, as BEC fraud has exploded over the last few years.
According to an in-depth study released by Better Business Bureau (BBB) earlier this year, BEC scams are skyrocketing in frequency and have cost businesses and other organizations more than $3 billion since 2016.
BEC fraud is an email phishing scam that typically targets people who pay bills in business, government and nonprofit organizations. It can affect businesses and organizations of all sizes and the scam has resulted in more losses than any other type of fraud in the U.S., according to the FBI.
The fraud can take on several forms, but the most frequently reported scam has the scammer posing as a reliable source who sends an email from a spoofed or hacked account to an accountant or chief financial officer, asking them to send money immediately.
The scammer often gives a plausible reason. If money is sent, it goes into an account controlled by the fraudster.
The FBI recognizes at least six types of BEC fraud, which differ based on who appears to be the email sender.
From 2016 through May 2019, the FBI’s Internet Crime Center received nearly 60,000 complaints on BEC fraud.
BBB’s study shows the average BEC loss involving wire transfers was $35,000, while losses involving gift cards was between $1,000 and $2,000.
What can you do if your business has been targeted?
- If an organization finds that it has been a victim of a BEC fraud, it needs to immediately call its bank to stop payment and report it to the FBI. If a report is filed within 48 hours, there is a chance the money can be recovered.
- File a complaint to the FBI’s Internet Crime Complaint Center – ic3.gov. The FBI also asks businesses to report unsuccessful BEC attempts. Information from attempts may help establish patterns or identify mule bank accounts.
- Report fraud to BBB’s Scamtracker – bbb.org/scamtracker.
Angie Barnett is president and CEO of the Better Business Bureau of Greater Maryland.