FBI Scam Alert: Educate Your Employees!
Please wire $195,767.61 to the account information attached. Code to admin expenses and please send me confirmation when completed.
Imagine you are John and typically receive requests for wire transfers from your supervisor, George. Are you going to ignore the request, complete the request as asked, or verify the request? Most would complete the request as asked, however, i3’s hope is that you will think twice after reading this.
Several employees have received similar messages from their bosses. However, such emails are fraudulent and are a part of a recent Business E-mail Compromise (BEC) scam which has involved thousands of companies and millions of dollars.
Business all over the United States and in other countries are targets of this scam. Businesses that work closely with international companies and perform wire transfers frequently are a preferred target.
There are a couple varieties of the BEC scam:
- More commonly is when an executive’s email is compromised. It will appear that the executive sent the email instructing an employee to transfer money to an account. These instructions are to transfer money in order to expedite a foreign transaction and to keep the details confidential. To make it more believable, the scammers will mention an outside attorney then pose as the attorney and follow-up with a phone call. Often, the scammer will email the employee while the said executive is traveling.
- Another form of this is from a vendor perspective. Again, the employee that handles the wire transactions receives an email about a recent change in accounts and instructions to forward payments to a new account instead of the previous one.
Once the money is transferred, it keeps moving throughout a variety of bank accounts until it finally lands in a bank account typically in Asia according to officials.
Your business could be in danger, thus recently the FBI, Financial Services Information Sharing and Analysis Center, and the United States Secret Service published recommendations to avoid the possibility of getting involved in the scam. Their suggestions include:
- Verification is imperative. When a vendor wants to change account information, make a phone call which will confirm the change in the details. Or if an executive requests an unusual wire transfer, once again call!
- Manage the risk by limiting the number of people authorized to make wire transfers. The fewer, the better.
- Stop… and delay. Wait until the transaction can be verified for authenticity.
- A company website and related social media provide a window into the company’s inner workings that allow the scammer to tailor the email to the recipient appears more trustworthy. So be careful what information is posted and who can see it.
- Set up guidelines for wire transfers and require 2-step verification for:
1. Wire transfer amount greater than a certain amount
2. Any new vendors or partners
3. Updated or changed account details for current trading partners
4. Transfers that include countries outside of the ordinary trading pattern
If contacted with a strange request that reflects characteristics of the BEC scam, report it immediately.
A division of the FBI, the Internet Crime Complaint Center (IC3), is experienced with handling such complaints. When filing the complaint make sure to include significant details such as subject of message, the amount demanded, the account information and provided instructions, what company/people are demanding the money and any other information that might be helpful.
Save the emails and other related documents for when the IC3 investigates. Don’t be the next company to fall prey to this scam, pass this information along and educate your employees. Stay up to date on other security risks and breaches – check out IC3’s press releases.Mike Ritsema President i3 Business Solutions