Return to Insights

Protecting against Business Email Compromise scams during the COVID-19 outbreak

Laura Burr

The FBI recently reported they anticipate a rise in Business Email Compromise (BEC) schemes, with fraudsters taking advantage of the COVID-19 outbreak to lure businesses into sharing account information.

BEC schemes are nothing new to most businesses, as scammers target anyone who performs legitimate funds transfers, especially ACH or wire transfers. In a typical scheme, you might receive an email appearing to be from a company you normally conduct business with. That email then requests funds be sent to a new account or something outside the norm.

Recently, scammers have adopted the COVID-19 topic to portray added urgency to their messaging, or as the reason for the changes to existing procedures. Some example of actual attempts shared recently by the FBI include:

  • Schemes targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.
  • Requests to change a $1 million wire transfer date and account “due to the Coronavirus outbreak and quarantine process and precautions,” using an email address just one letter different from a safe sender.
  • Emails claiming that all invoice payments be changed to a different bank because their regular bank accounts “were inaccessible due to Coronavirus audits.”

Know the signs of a BEC attempt

To protect yourself from falling victim to a BEC scam, the FBI advises to be on the lookout for the following red flags:

  • Unexplained urgency, or urgency related to coronavirus or COVID-19.
  • Last minute changes in wire instructions, recipient account information, email account addresses or established communication platforms.
  • Refusal to communicate via telephone or online voice or video platforms, insisting on email instead.
  • Requests for advance payment of services when not previously required.
  • Requests from employees to change direct deposit information.

Some other red flags to look for include misspellings in an email address of the body of the email. Despite that, know that fraudsters have gotten increasingly sophisticated, and their email may look legitimate.

Follow best practices to protect your business

The FBI also recommends the following tips to help protect yourself and your assets:

  • Be skeptical of any last-minute changes in wire transfer instructions or recipient account information.
  • Verify any changes by calling the contact on file; do not contact the requestor through the contact information in their email.
  • Check all URLs and email addresses for validity and misspelling, however minor.
  • Validate than an email sender matches the email address.

If you discover you are the victim of a fraudulent incident, immediately contact your financial institution as soon as possible.

Laura Burr

About Laura Burr

In her role as Deposit Administration Manager, Laura oversees a team of over 50 Bremer employees managing transactions, payment services, loss prevention, electronic services, card services and deposit administration.Laura joined Bremer Bank in 2015, bringing with her over ten years prior experience in deposit service and supervisory roles at another institution.  Laura holds an MBA from Concordia University - St. Paul and a BASc in Business Administration and Management from University of Nebraska. She serves as a Board Member of Upper Midwest Automated Clearing House Association (UMACHA), an industry resource in the electronic payments industry. )

More on Laura