Watch out for BEC scams

Last year, the FBI issued a warning regarding BEC (Business Email Compromise) scams. Unfortunately, security professionals report that these scams are increasing in frequency and, worse, the most recent ones come with a disturbing new twist. The latest incarnation of the scam targets employees, seeking to move their direct-deposited paychecks into accounts controlled by the hackers.

The execution is simple enough. All a hacker needs is the same information they would get by stealing a person's identity. Armed with a target's email address and banking information, all a hacker has to do (in most cases) is send a formal request to HR, explaining that the target has a new bank account and asking that the paycheck be sent to the details provided.

It all seems legit to the HR personnel receiving the request because all of the information is accurate. In a growing number of cases, nobody even thinks to check or confirm that the switch has been authorized by the employee in question.

Growing popularity of this scam

Researchers who have been following the growth in popularity of this approach had this to say about guarding against it:

"If a two-factor online system is not being used, we recommend ensuring an element of human contact is established before completion of the request, in addition to checking that the email address is from a legitimate source."

How big a problem is this type of thing?

According to the latest FBI statistics, between October 2013 and May 2018, businesses suffered total losses estimated at more than $12 billion, worldwide.

Our perspective

If that doesn't get your attention, few things will. This is a large and growing problem, but thankfully, it's one that can be easily fixed by putting a few additional common-sense safeguards in place.


The author

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects, specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers, as well as providing small business technology education programs through business and professional associations.
