What would you do if you received an email from your CEO or CFO asking you to make an immediate or urgent wire transfer of funds? If you are the person in your organization who is responsible for such tasks and receive requests like this regularly, you may not think twice. However, with the increased sophistication of hackers and cybercriminals, you must Stop, Look, and Think before deciding how to proceed.
Business Email Compromise is an advanced form of spear-phishing which targets employees of businesses that routinely perform wire transfer payments or work with foreign companies or suppliers. This form of cybercrime is steadily on the rise, and companies are losing thousands, even millions of dollars instantly because of a spoofed or compromised email address.
How it Happens:
First, the scammers target the email accounts of business executives or high-level employees. Either they will gain actual access to those individuals’ email accounts through a targeted phishing attack and wait for the perfect time to take over (such as when those employees go on vacation or leave for a business trip), or they will simply spoof the email address and change where the email is sent when it is replied to. This is called header manipulation. Then, they will email an employee within an organization who may be responsible for making wire transfers or handling funds, asking them to process a transaction.
When you receive any requests to transfer or wire funds:
To prevent YOUR email from being the one that is compromised:
It is best to have a wire transfer process in place that requires more than just an email request. Either a phone call, face-to-face, or multi-person process is best.
Remember, you are the key to preventing cybercrime in your organization.