Business Email Compromise: How To Avoid It
A sophisticated kind of fraud targeted at businesses is causing big problems: business email compromise, or BEC. According to the FBI, more than $50 billion in fraud losses due to BEC were reported between 2013 and 2022. “Current global daily losses are estimated at approximately $8 million,” reports the United States Secret Service.
The National Cybersecurity Alliance describes business email compromise scams this way: “a scammer uses an email to trick someone into sending money or divulging confidential company info.” These scammers often appear to be known vendors and include “new payment instructions” or request an invoice be paid to an updated mailing address. The U.S. Secret Service says that businesses that deal with real estate, finance, education, healthcare, or information technology are particularly vulnerable.
Here's how BEC scams typically work:
- A bad actor gets control of a business email address: Many business email accounts are set up with inadequate security measures. Hackers will attempt to access them via malware, or by phishing (encouraging employees to click links that give fraudsters access).
- Once they’re in, the scammer targets other businesses: The bad actor will identify customers who regularly do business with the now-compromised organization. Then they’ll send those customers fake invoices, past due notices, or new payment instructions – all to steal that customer’s money.
These scams are intricate and effective. So what can you do if you think you’re on the receiving end of a BEC scam? Here are tips from the FBI:
- Verify before you send money: If you receive an email from a trusted email domain sharing “new payment instructions,” double-check that the request is real. Make a phone call to the vendor requesting money to confirm that the request isn’t coming from a scammer.
- Set up two-factor authentication: These days, just a password isn’t enough. If you have the option to enable two-factor authentication, do so – and don’t disable it.
- Watch for additional red flags: If the requestor is asking you to act quickly, that’s a sign that something isn’t right.
Finally, if you believe you’ve been targeted by a BEC scam or have fallen victim, don’t hesitate to report the crime. Let your financial institution know what happened and file a complaint with the FBI’s Internet Crime Complaint Center (IC3).