7 Ways to Protect Your Company Against BEC Scams
You receive an email from a supplier notifying you of an unpaid invoice and asking you to verify your account info so they can withdraw funds. As a responsible business owner, you immediately verify the info so you’re back in good standing with your supplier. You call your supplier rep to let them know you’ve paid the invoice and you hear the words “you don’t have an outstanding invoice.” By the time you call the bank the money is gone and there’s no way of getting it back.
The Growing Threat of BEC Scams
This scenario is becoming all too familiar in today’s world of wire-transfers and automatic withdrawals. Business Email Compromise Scams, or BEC Scams, target businesses of all sizes. Scammers target business owners and employees, trying to get them to perform an action that sends money to the scammers account or send sensitive information that can be used for other crimes, like Identity Theft. BEC Scams have become so problematic that the FBI has started to warn about them. The FBI assess total damage of BEC Scams at over $3 Billion and counting! In June of 2018, over 70 people were arrested in one coordinated, international BEC Scam investigation!
Why are BEC Scams So Effective?
People and businesses fall prey to BEC Scams because they’re sophisticated and start with gathering intelligence. Scammers typically compromise a CEO or upper management personnel’s email account and study the business and company procedures. Scammers figure out the best way to attack a company before striking. They target all aspects of a business, but typically focus on:
- HR Departments – Scammers can gain access to employees’ personal information and W-2 forms
- Accounts Payable – Scammers try and access company accounts and scam employees into transferring money
- Upper Management & Owners – They’re the initial “in” for scammers. They have all the info and clearances with the least amount of checks and balances
Seven Ways to Protect Against BEC Scams
- Verify all changes or updates for account info and payment instructions to vendors and suppliers.
- Maintain hard-copy files and contact lists! In today’s digital world it’s easy to overlook the need for paper. But keep a printed record of vendor contact information and discuss with your supplier representative how accounts payable will be handled.
- Train your finance and HR team. Write and implement an action plan for the handling of sensitive information and who is authorized to request it.
- Limit the number of employees that have access and authority to use sensitive information or transfer money.
- Use two-factor authentication methods wherever possible. It may seem like a hassle but spending a little extra time could save you thousands!
- For larger companies and wire-transfers, use out-of-band authentication to verify any and all wire-transfer requests.
- Foster open communication in the work place. Make sure your employees know that if they receive non-verbal requests to do something out of the ordinary, that they should question it! Double or even triple-check requests to send money or sensitive information, even if comes their direct boss or upper management!
Pros 4 Technology Can Help
Your business faces cyber threats every day! Let Pros 4 Technology assist you and your company. We want to make sure your company and data is safe from BEC scams and other threats. Contact us today!