The Latest Threat: Business Email Compromise (BEC) Scams
The latest scam plaguing businesses …
by Michelle Florez, Senior Product Specialist at Banker’s Toolbox
Wire fraud continues to plague businesses. The most common method these days to perpetuate wire fraud is the business email compromise scam (BEC). According to the AFP Payments Fraud and Control Survey, 64% of respondents reported that their organizations had been targeted in a BEC attack. That same survey shows that wire fraud has jumped from 14% in 2013 to 48% in 2015.
The BEC scam goes something like this: an accounting professional receives an email from an executive at a business that the company needs to wire a large amount to a new beneficiary before the end of the day. What the accounting professional does not know is that the email is a fake, and the corresponding wire request is fraudulent. The wire request coming to the financial institution is via a legitimate sender. If a bank or credit union uses their normal method of wire verification back with the business, they speak with the accounting professional who shares that she or he authorized the wire. By the time the business realizes the request was fake, the money has been sent out.
So, what can financial institutions do to mitigate this scam? Banker’s Toolbox offers wire fraud detection and prevention in our WirePro and BAM+ suites. The Wire Fraud Scenarios within BAM+ combine behavioral and statistical typologies to identify suspicious wire activity, stopping it before it becomes a loss. Within the Scenarios, you can capture any type of peer/risky customer group and modify scenario parameters for specific customers. You can also set expiration dates for exemptions and scenarios, as well as schedule future reviews. All of this makes it easy to provide comprehensive coverage while minimizing false positives.
WireFraud Manager, built within WirePro, automatically halts potentially fraudulent transactions if they are identified as suspicious. It can detect abnormal wires then flag them for further investigation. A wire can be deemed fraudulent if it matches one of our preexisting criteria. Once blocked, it is held so the user can research the wire before deciding to deny or allow. It can screen wires originating from online banking as well, where the risk of malware and hacker attacks increases every day, as mentioned above.
In addition to these transactional monitoring tools, financial institutions can educate their customers and members on awareness of this scam. One such resource called “8 Practical Tips to Avoid Being the Victim of a Business Email Compromise Scam” is available from Holtzman partners, the same company that completes the BAM+ model validation for Banker’s Toolbox each year. The article suggests employee awareness, a two-step wire verification process, involving IT, and more as ways to avoid this recent type of wire fraud.
What are some BEC scams you’ve heard of recently? What are some tips to prevent them? Let us know on Facebook or LinkedIn. To learn more about the wire fraud prevention tools from Banker’s Toolbox, visit our main page.