The FBI recently reported they anticipate a rise in Business Email Compromise (BEC) schemes, with fraudsters taking advantage of the COVID-19 outbreak to lure businesses into sharing account information.
BEC schemes are nothing new to most businesses, as scammers target anyone who performs legitimate funds transfers, especially ACH or wire transfers. In a typical scheme, you might receive an email appearing to be from a company you normally conduct business with. That email then requests funds be sent to a new account or something outside the norm.
Recently, scammers have adopted the COVID-19 topic to portray added urgency to their messaging, or as the reason for the changes to existing procedures. Some example of actual attempts shared recently by the FBI include:
- Schemes targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.
- Requests to change a $1 million wire transfer date and account “due to the Coronavirus outbreak and quarantine process and precautions,” using an email address just one letter different from a safe sender.
- Emails claiming that all invoice payments be changed to a different bank because their regular bank accounts “were inaccessible due to Coronavirus audits.”
Know the signs of a BEC attempt
To protect yourself from falling victim to a BEC scam, the FBI advises to be on the lookout for the following red flags:
- Unexplained urgency, or urgency related to coronavirus or COVID-19.
- Last minute changes in wire instructions, recipient account information, email account addresses or established communication platforms.
- Refusal to communicate via telephone or online voice or video platforms, insisting on email instead.
- Requests for advance payment of services when not previously required.
- Requests from employees to change direct deposit information.
Some other red flags to look for include misspellings in an email address of the body of the email. Despite that, know that fraudsters have gotten increasingly sophisticated, and their email may look legitimate.
Follow best practices to protect your business
The FBI also recommends the following tips to help protect yourself and your assets:
- Be skeptical of any last-minute changes in wire transfer instructions or recipient account information.
- Verify any changes by calling the contact on file; do not contact the requestor through the contact information in their email.
- Check all URLs and email addresses for validity and misspelling, however minor.
- Validate than an email sender matches the email address.
If you discover you are the victim of a fraudulent incident, immediately contact your financial institution as soon as possible.