Business email compromise is a threat to businesses of all sizes. The scheme involves malicious emails which appear to be from a legitimate vendor or employee. However, the vendor or employee’s email account is compromised and is under control of a fraudster. The malicious email will instruct that funds be sent to a new account, payment be sent to an unknown individual, or gift cards be purchased. Email compromise schemes target payments intending to be sent via wire transfer, check payments, and/or automated clearing house (ACH) payments.
There are ways to avoid falling victim to business email compromise. These include:
- Obtain verbal confirmation prior to changing payee information.
- Use caution and be skeptical of payment instructions received via email.
- Require all payment or fund transfer requests be verified, either face to face or voice to voice.
- Avoid clicking links or opening attachments in unsolicited emails.
- Utilize strong passwords on email accounts.
Look for red flags on emails such as:
- Sense of urgency
- Improper grammar
- Spelling errors
- New/unknown sender
- Email contains a link or attachment that is abnormal
- Sender claims to be busy or unavailable and requests electronic communication only
Consider these action items:
- Ensure all employees are aware of this scheme and the red flags to identify.
- Revise current processes to include verbal verification for all payment requests or payee update requests.
Be cautious of payment transfer requests and requests to change information. Strong verification measures can prevent illegitimate payments from leaving your company.
Let us know if you have any questions.
Call us toll-free at 800.843.1552 or
send us a message in Digital Banking.
If you prefer a face-to-face conversation, visit us at
your nearest First Bank & Trust location.
