Avoid Becoming a Victim of a BEC Scam
In October 2013, the Internet Crime Complaint Center (IC3) began receiving complaints from businesses about trusted suppliers requesting wire transfers that ended up in banks overseas—and turned out to be bogus requests. Since then, losses from the business e-mail compromise (BEC) scam have been significant.
“For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000,” said Ellen Oliveto, an FBI analyst assigned to the center. “The average loss to BEC victims is $130,000.” IC3 offers the following tips to businesses to avoid being victimized by the scam (a more detailed list of strategies is available at www.ic3.gov):
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- If possible, register all Internet domains that are slightly different than the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
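
The tip above about flagging e-mail extensions that are similar to the company's but not exactly the same can be expressed as a mail-filter check. The Python below is an added example, not part of the IC3 guidance; the domain example.com, the function names, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: placeholder for the real mail domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Lower-cased domain of the address in a From: header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")

def classify(from_header, company=COMPANY_DOMAIN, max_distance=2):
    """Return 'internal', 'lookalike' or 'external' for one sender."""
    domain = sender_domain(from_header)
    if domain == company or domain.endswith("." + company):
        return "internal"
    if not domain:
        return "external"
    # Same name under another extension, e.g. example.co for example.com.
    name, _, _ = company.partition(".")
    if domain.partition(".")[0] == name:
        return "lookalike"
    # Near-miss spelling of the whole domain, e.g. examp1e.com.
    if edit_distance(domain, company) <= max_distance:
        return "lookalike"
    return "external"

def flag_lookalikes(from_headers):
    """Headers whose sender domain imitates the company domain."""
    return [h for h in from_headers if classify(h) == "lookalike"]

# Constructed sample From: headers, not taken from real mail.
SAMPLE = [
    "Accounts Payable <ap@example.com>",
    "Accounts Payable <ap@example.co>",
    "Vendor Billing <billing@examp1e.com>",
    "Newsletter <news@unrelated.org>",
]

if __name__ == "__main__":
    for header in flag_lookalikes(SAMPLE):
        print("FLAG:", header)
```

Messages flagged this way are candidates for the out-of-band confirmation the earlier tips describe, not proof of fraud; a short company domain may need a lower threshold to avoid false positives.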