WASHINGTON—The FBI has issued a new reminder that business email compromise (BEC) scams continue to a high risk to financial institutions.
As CUToday.info reported earlier here, an increasing number of financial fraud schemes related to coronavirus and fake emails claiming to be from organizations such as the Centers for Disease Control and Prevention are increasingly targeting consumers.
But businesses are anything but immune, the FBI is warning.
BEC scams target anyone who performs legitimate funds transfers. Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19, the FBI said.
“In a typical BEC scheme, the victim receives an email they believe is from a company they normally conduct business with, but this specific email requests funds be sent to a new account or otherwise alters the standard payment practices,” the agency said.
Scam Examples
The FBI said recent examples of BEC attempts include:
- A financial institution received an email allegedly from the CEO of a company, who had previously scheduled a transfer of $1 million, requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address with only one letter changed.
- A bank customer was emailed by someone claiming to be one of the customer’s clients in China. The client requested that all invoice payments be changed to a different bank because their regular bank accounts were inaccessible due to “Corona Virus audits.” The victim sent several wires to the new bank account for a significant loss before discovering the fraud.
Red Flags
To protect the organization from this fraud, the FBI advises staff to be on the lookout for the following red flags:
- Unexplained urgency
- Last-minute changes in wire instructions or recipient account information
- Last-minute changes in established communication platforms or email account addresses
- Communications only in email and refusal to communicate via telephone or online voice or video platforms
- Requests for advanced payment of services when not previously required
- Requests from employees to change direct deposit information
How to Protect Yourself
The FBI also recommends the following tips to help protect the organization:
- Be skeptical of last-minute changes in wiring instructions or recipient account information.
- Verify any changes and information via the contact on file—do not contact the vendor through the number provided in the email.
- Ensure the URL in emails is associated with the business it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.