Last week, a client of ours received the phishing email below requesting wire transfer account information. Fortunately for them, they did not fall for it. In the actual email, real names and real emails were used and the recipient, "Jane", was likely to have the information the scammer sought.
This is a growing trend in what the FBI/IC3 have called Business Email Compromise (BEC). BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The follow is an example of the BEC email our clients received:
To avoid the risk of a BEC scam, we recommend you do the following:
- Make sure you have a good email security filter in place. While this will not stop 100% of these from getting through, it is your first line of defense and will block the majority of spam and phishing emails.
- Do not publish the emails and titles of company individuals on your website. Use a contact form instead. In fact, avoid publishing business emails on any internet site.
- Implement a multi-step process to validate any request for wire transfers or even account information. If you do a high volume of transfers, there are technology solutions such as those used by the banking industry to assist in securing your transfer.
If you are a client and would like Systems Engineering to run an internet email exposure report for your email domain, contact your SE Account Manager. For all others, click on the button below.