I have warned you numerous times in the last few years about the Business Email Compromise scam, which continues to be an effective scam perpetrated against many companies. According to FBI figures, the amount of money lost by victims of this scam last year reached a record 1.77 billion dollars. Generally, this scam involves an email to the people who control payments at a targeted company. These people receive an email, purportedly from the CEO, the company attorney or even a vendor with which the company does business, requesting that funds be wired to a phony company or person. At its essence, this scam is remarkably simple and relies more on simple psychology than on sophisticated computer malware. Often the scammers will do significant research, not only learning the names of the key employees involved with payments within a company, but also infiltrating the email accounts of company employees for a substantial period of time to learn the protocols and language used by the company in making payments. The scammers also gather information from the company’s website and from social media accounts of its employees, all in an effort to adapt their message to seem more legitimate.
Earlier this week, Barbara Corcoran, one of the stars of the television show “Shark Tank,” admitted that her company lost $388,700 to this scam. According to Corcoran, “I lost the $388,700 as a result of a fake email chain sent to my company. It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate.” In this case, the scammer didn’t even hack into the email account of Corcoran’s assistant, but rather sent an email from an address that appeared at first glance to be that of Corcoran’s assistant but, upon closer examination, differed by a single letter. Corcoran’s bookkeeper did not notice the difference and wired the money to the scammers to pay the phony invoice. Once funds are wired, they are lost forever.
In order to avoid this scam, companies should be particularly wary of requests for wire transfers made by email. Wire transfers are the preferred method of payment of scammers because of the impossibility of getting the money back once it has been sent. Emails requesting payments to be sent to new bank accounts should also be investigated thoroughly before responding. Verification protocols for wire transfers and other bill payments should be instituted, including dual factor authentication when appropriate. Companies should also consider the amount of information that is available about them and their employees that can be used by scammers to perpetrate this crime. They also should have strict rules regarding company information included on employee social media accounts that can be exploited for “spear phishing” emails, which play a large part in this scam. Finally, employees should be specifically educated about this scam in order to be on the lookout for it.
As for us as individuals, we should also be careful about responding to requests for payments, particularly payments requested to be wired. Never send funds in response to an emailed invoice, text message or phone call unless you have absolutely confirmed that the demand for payment is legitimate.