Preventing Corporate Email Scams
As long as there has been email, there have been email scams: bad actors trying to get something that doesn’t belong to them or that they have no right to. No one knows for sure how much is truly lost to this criminal element worldwide, but according to the United States government, reported business email compromise (BEC) scams accounted for losses of $1.7 billion in 2019. These losses came from the 23,775 cases that were reported, making BEC one of the most financially damaging online crimes. Additionally, this figure represents only those cases reported at the federal level.
So many of us rely on email to conduct business, both personal and professional, that it is easy to see why this is a serious line of attack for criminals. What is a BEC scam? It is when a criminal sends an email message that appears to come from a known source such as a vendor or bank. The request looks legitimate.
A scammer can carry out a BEC scam in many ways.
They can spoof an email account or website by making a slight variation on a legitimate address. This fools the victim into thinking the fake account is authentic. For example, john.kelly@examplecompany.com may be the real address, but the scammer changes the last name of the sender to john.kelley@examplecompany.com.
Another common ploy used is phishing. The message may look like it is from a trusted sender and tricks the receiver into revealing confidential information. That information then allows the criminal to access company accounts, calendars, and data that gives them the details they need to carry out a BEC scheme.
Another way to carry out an email scam that gets much more press is the use of malware. Malware is malicious software that can infiltrate company networks. Malware allows criminals to gain access to data, passwords, and financial account information. It also can gain access to legitimate email threads about billing and invoices. That information is then used to time requests or send messages so accounting or financial officers are less likely to question payment requests.
Examples of actual email scam attempts:
A vendor at your company who you regularly interact with sends an invoice with an updated mailing address
A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away
A home buyer received a message fr