Protect Your Business from Fake Email Scams: A Guide to Business Email Compromise

BEC fake email banner

Avoid Being on the Receiving End of a BEC Fake Email Attack

Business email compromise (BEC) attacks are on the rise, and it’s costing businesses billions. Cybercriminals have become so good at it that experts estimate that between 2019 and 2021, BEC attacks increased 65%, costing businesses more than $43 billion. 

 

What exactly is a BEC attack?

 

A BEC attack is a highly sophisticated form of phishing, sending fake but legitimate-looking emails to trick an employee into complying with an “official” request for money or sensitive information. In practice, the email looks authentic, coming from a company official or vendor making an apparently legitimate request for money to be wired or deposited into a checking account controlled by the scammer. It may even contain a fake link to a news site or a blog post.

 

Scams include: 

  • False invoices appearing to come from a vendor requesting payment, 
  • Money requests from an authority figure within the company, 
  • Information requests from a legal representative, or 
  • Inquiries about employees through human resources. 

 

Scammers target lower-level employees who are more likely to comply with requests from authority figures.

 

How to prevent BEC attacks

 

The best defense against BEC attacks is awareness and training. Employees should be well-educated on protocols for verifying email requests for money or information and how to spot fake emails. Here are several additional steps a business can take to prevent BEC attacks:

 

  • Verify the sender’s email. Look for slight variations in an email address from a legitimate sender, such as changing the company address from [email protected] to [email protected] xyz_company. 

 

  • Don’t hit “reply”. Start a protocol to stop hitting “reply” and using “forward” to respond to emails. That requires employees to manually type in the intended email address. 

 

  • Verify requests. Another standard protocol should be to confirm face-to-face, or by phone, any email requests for wire transfer or confidential information. Never use the phone number in an email to confirm. Instead, look up the number from the business that the email purportedly came from.

 

If your business has been targeted with a BEC attack, contact your financial institution and information technology staff. File a complaint at www.IC3.gov

About This Author

avatar

Alpine Bank Staff

Alpine Bank is an independent, employee-owned organization with headquarters in Glenwood Springs and banking offices across Colorado’s Western Slope, mountains and Front Range.

More about Alpine Bank Staff

LinkedIn

Related Products

Liberty Checking

Get all the checking essentials, including digital services. On top of that, waive the statement fees by going paperless.

Learn More about Liberty Checking

Loyalty Visa® Debit Card

Give back to your chosen cause. Whether it's the arts, education, environment or beyond, small change makes a big difference.

Learn More about Loyalty Visa® Debit Card

Green Lending

Various consumer and business loan programs to help our customers make energy and resource improvements to their lives.

Learn More about Green Lending
Allpoint It’s your money after all. Find a surcharge-free ATM
FIND A SURCHARGE-FREE ATM!
AllPoint