No matter the size of your office – or whether it’s a business, government or nonprofit organization – be on the lookout for phishing scams that appear to be routine emails from colleagues or the boss.
A new Better Business Bureau study reports that business email compromise scams have cost businesses and other organizations more than $3 billion since 2016.
How the scam works
You are in charge of paying bills at your office, and you get an email that appears to be from the CEO or another executive. The message seems like a routine request. The boss may ask you to wire money to a vendor or send employee tax information to an accountant.
In other variations, the scammer pretends to be another employee asking to have his or her pay deposited into a new bank account, or the email may look like it’s from a vendor or supplier requesting a change in invoice payment. In some cases, scammers even pretend to be someone from a charity or religious organization asking the recipient to buy gift cards on their behalf.
No matter what the scammer claims, the end result is the same. If you send the money, it goes into an account controlled by the con artist. These scams, sometimes called “spear phishing,” have resulted in more losses than any other type of fraud in the U.S., according to the FBI.
Tips to avoid the scam
• Secure accounts. Set up multifactor authentication for email logins and other changes in email settings. Be sure to verify changes in information about customers, employees or vendors.
• Train staff. Create a secure culture at your office by training employees on internet security. Make it a policy to confirm all change and payment requests by phone rather than relying on email.
If you’ve been a victim of fraud, call the bank to stop payment on the falsely made charge. Report it to the FBI in the U.S. or the Anti-Fraud Centre in Canada. If a report is filed within 48 hours, there is a chance the money can be recovered.
Complain to the FBI’s Internet Crime Complaint Center. IC3 also asks people to report unsuccessful business email compromise scam attempts. Information from attempts may help establish patterns or identify mule bank accounts.
For more information, visit bbb.org/becstudy or bbb.org/scamstudies.