Fraudsters will take advantage of any opportunity to scam unsuspecting individuals and businesses out of their money, and the COVID-19 crisis is no exception. The level of disruption caused by the pandemic itself, as well as the response to the pandemic, is unprecedented. With social distancing and stay at home orders in effect across the country, businesses have temporarily closed their offices and everyone who can is working from home.

These new working conditions were thrust upon companies and their employees with little warning. Without enough time to make the necessary accommodations, internal controls and security were compromised, providing fertile grounds for criminals to prey upon companies with a myriad of scams, including business email compromised attacks.

To discuss business email compromised (BEC) attacks and how businesses can better protect themselves amidst the COVID-19 pandemic, PaymentsJournal sat down with David Barnhardt, Chief Experience Officer at GIACT and Tim Sloane, VP Payments Innovationat Mercator Advisory Group.

PaymentsJournalProtecting Your Business from Fraudulent Attacks on Remote WorkersPaymentsJournal Protecting Your Business from Fraudulent Attacks on Remote WorkersPaymentsJournaljQuery(document).ready(function ($){var settings_ap20375335 = { design_skin: "skin-wave" ,autoplay: "off",disable_volume:"default" ,loop:"off" ,cue: "on" ,embedded: "off" ,preload_method:"metadata" ,design_animateplaypause:"off" ,skinwave_dynamicwaves:"off" ,skinwave_enableSpectrum:"off" ,skinwave_enableReflect:"on",settings_backup_type:"full",playfrom:"default",soundcloud_apikey:"" ,skinwave_comments_enable:"off",settings_php_handler:window.ajaxurl,skinwave_wave_mode:"canvas",pcm_data_try_to_generate: "on","pcm_notice": "off","notice_no_media": "on",design_color_bg: "111111",design_color_highlight: "ef6b13",skinwave_wave_mode_canvas_waves_number: "3",skinwave_wave_mode_canvas_waves_padding: "1",skinwave_wave_mode_canvas_reflection_size: "0.25",skinwave_comments_playerid:"20375335",php_retriever:"https://www.paymentsjournal.com/wp-content/plugins/dzs-zoomsounds/soundcloudretriever.php" }; try{ dzsap_init(".ap_idx_87146_2",settings_ap20375335); }catch(err){ console.warn("cannot init player", err); } });

What are BEC Attacks?

BEC, or business email compromised attacks, are sophisticated schemes that infiltrate businesses via email with a request targeting individuals with access and authority over company funds. Scammers may ask a controller, or someone in accounts payable, to change the name, account number, address, or other payment instructions of a supplier or someone else that the company owes, allowing the criminals to intercept the funds.

These communications are very deceptively designed. Emails typically come from an address that looks very similar to an address of someone that is known to the recipient, perhaps changing only one letter or character. For an employee who doesn’t notice the altered email address, the payment change request can appear to be legitimate.

BEC attacks are not petty theft. According to the latest statistics from the FBI, 80% of surveyed businesses reported being targeted by a BEC scam, 54% of businesses admitted to being financially impacted by BEC, and roughly $2 billion is lost every year.

Recommend Reading: Provided by GIACT