Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses that work with foreign suppliers and/or businesses that regularly make payments using an email from a company owner (CEO or CFO) as the authority to carry out the payment. Little does the payment processor know that the email is not a genuine company request.
There are two variations of this fraud type, which are as follows:
Email spoofing - This involves the manipulation of an email address to make the sender's email address appear to have originated from someone or somewhere other than the actual source.
The fraudster spoofs the vendor's email to submit the modified invoice. This doesn't require compromising the vendor's email system; instead, the fraudster sends the invoice from an address whose domain is so close to the vendor's that most people would miss the change, for example, @CompanyABC.com instead of @CompanyACB.com.
Compromised Email Account - This involves the compromise of an executive's email account within the organisation, such as that of the CFO (Chief Financial Officer). The fraudster sends a payment request from the compromised email account to another employee, often a junior one, to action.
- Make sure staff know to check the email address the payment request is sent from, and have suitable checks in place to verify any new payment request received by way of email.
- Regularly review your organisation's controls to make sure that you have suitable payment controls in place so that you do not fall victim to this type of fraud.