Business Email Compromise (BEC) is a sophisticated cyber threat that targets organizations through deceptive email communication. BEC cybercriminals target financial institutions' business clients. The criminals gain unlawful access to employee email accounts so they can manipulate or impersonate trusted individuals within a company and divert funds to a bad actor.
To combat BEC effectively, it's essential to work together to raise awareness and to educate those who perform the transfers about the subtle red flags that may indicate a potential attack. In this article, we will explore key indicators that can help individuals and organizations identify potential BEC attacks early on.
Watch out for seemingly legitimate transaction instructions that differ in language, timing, or amounts compared to previously verified and authentic instructions. Look out for grammar errors and different font usage.
Be cautious of transaction instructions originating from email accounts resembling known clients but with slight alterations in the email address. Cybercriminals often add, change, or delete characters to create deceptive addresses.
Example of legitimate email address: john-doe@abc.com
Example of fraudulent email addresses: john_doe@abc.Com or john-doe@acd.com
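One way to automate this comparison, as an added example that is not part of the original article: it counts how many single-character adds, changes or deletes separate a sender address from each previously verified address. The function names, the two-edit threshold and the case-insensitive comparison are assumptions made for illustration.

```python
from __future__ import annotations


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character adds, changes or deletes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # character deleted
                           cur[j - 1] + 1,             # character added
                           prev[j - 1] + (ca != cb)))  # character changed
        prev = cur
    return prev[-1]


def split_address(addr: str) -> tuple[str, str]:
    """Return (local part, domain), lower-cased so 'abc.Com' equals 'abc.com'."""
    local, _, domain = addr.strip().rpartition("@")
    return local.lower(), domain.lower().rstrip(".")


def classify_sender(sender: str, known: list[str], max_edits: int = 2):
    """Return ('known' | 'lookalike' | 'unknown' | 'malformed', matched address)."""
    s_local, s_domain = split_address(sender)
    if not s_local or not s_domain:
        return ("malformed", None)
    best = None  # (distance, known address) of the closest near miss
    for k in known:
        k_local, k_domain = split_address(k)
        if (s_local, s_domain) == (k_local, k_domain):
            return ("known", k)
        # Edits to the name and to the domain both count toward the total.
        d = edit_distance(s_local, k_local) + edit_distance(s_domain, k_domain)
        if d <= max_edits and (best is None or d < best[0]):
            best = (d, k)
    return ("lookalike", best[1]) if best else ("unknown", None)


if __name__ == "__main__":
    verified = ["john-doe@abc.com"]  # address from the article's example
    for addr in ["john-doe@abc.com", "john_doe@abc.Com", "john-doe@acd.com",
                 "billing@vendor.example"]:  # last address is constructed
        print(addr, "->", classify_sender(addr, verified))
```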
Be suspicious if transaction instructions to a known beneficiary change to a different account or different bank information than previously used.
Be cautious of any email that contains instructions directing payment to a recipient with whom there is no relationship established, especially if the payment amount is comparable to or exceeds the amounts the customer has historically paid to known beneficiaries. This situation might indicate that the recipient is impersonating a legitimate business entity.
Be skeptical of transaction instructions marked as "Urgent," "Secret," or "Confidential." Cybercriminals often use such language to create a sense of urgency.
Exercise caution when transaction instructions originate from a newly authorized employee on the account or an authorized person who hasn't previously sent wire transfer instructions.
Be wary if a client's employee or representative issues transaction instructions based solely on email communications from executives or attorneys without verifying with them.
Stay vigilant if additional payments are requested immediately after a successful payment to a new account, as this behavior may indicate an attempt to issue unauthorized payments.
Being aware of the BEC red flags is essential to safeguarding your business against this evolving cyber threat. By fostering a culture of cybersecurity awareness and implementing robust verification processes, you can protect your business from the financial and operational consequences of BEC attacks. Stay vigilant and make online safety a priority.
Please note: The content in this article comes from individual opinions and experiences. The content should not be taken as advice coming from City National Bank of Florida. City National Bank of Florida does not offer tax, legal or accounting advice.