Companies of all sizes are being targeted by criminals through business email compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee, often a senior executive or someone who can authorize payments, and instructs others to transfer funds on their behalf. According to the FBI’s Internet Crime Complaint Center, over $10 billion has been lost by victims in the U.S. due to these scams.
“Any business that conducts transactions overseas or regularly performs wire transfers should stay alert for these scams,” said Certified Information Security Manager Margo Leiter. “Companies can protect themselves and their employees by using alternative communication channels to verify any large transaction requests and by educating their employees on potential red flags of fraud.”
Tips to Mitigate Cybersecurity Risks for Businesses
We recommend these cybersecurity tips to help businesses and employees avoid business email compromise:
Educate your employees
You and your employees are the first line of defense against business email compromise. A strong security program, paired with employee education about the warning signs, safe practices, and responses to a suspected takeover, is essential to protecting your company and customers.
Protect your online environment
It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep the virus protection on your computers up to date. Use complex passwords and change them periodically.
Use alternative communication channels to verify significant requests
Establish in advance multiple methods outside of email, such as phone numbers or alternate email addresses, through which you can contact the person making the request to ensure it is valid.
Be wary of sudden changes in business practices or contacts
If an employee, customer or vendor suddenly asks to be contacted via their personal email address, verify the request through known, official and previously used correspondence, as the request could be fraudulent.
Be wary of requests marked “urgent” or “confidential”
Fraudsters will often instill a sense of urgency, fear, or secrecy to compel the employee to facilitate the request without consulting others. Use an alternative communication channel outside of email to confirm the request.
Use a secure business online banking vendor
Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs, such as callbacks, device authentication and multi-person approval processes, that safeguard you from unauthorized transactions.
Your Business Expenses Shouldn't Include Paying for Compromised Data
If you fall victim to a business email compromise scam, contact your financial institution immediately to notify them about the fraudulent transfer and request that they contact the institution where the fraudulent transfer was sent. Our family of banks is founded on a history of trust. Contact us to learn about our online banking options for business accounts.
About the Author
Margo Leiter, CISM
Margo Leiter is a resident of DeSoto County, where she began her banking career in 1981 at Crews Bank & Trust, formerly First State Bank of Arcadia. In 2008, she took on the role of the Chief Information Security Officer for Crews Bank & Trust. She subsequently became a Certified Information Security Manager (CISM), overseeing management of the company’s Information Security Program to ensure sensitive customer information is safe and secure. In her personal life, she enjoys shopping, traveling with her husband, and spending quality time with her children, grandchildren and church family.