
July 5, 2022 | Business insights

Primary Source of Fraud: Business Email Compromise

Email communication plays a major role in how many businesses conduct their daily operations. Fraudsters continue to adapt their business email compromise (or “BEC”) schemes, and while they may target an entire organization, they often focus their efforts on Accounts Payable departments. According to the 2022 AFP Payments Fraud and Control Report, the number of organizations falling victim to BEC fraud has decreased in the last year, but the number of organizations that experienced financial loss due to BEC remained unchanged.

In this type of fraud, criminals use business emails to get payments authorized to accounts they control. The payments often appear to be legitimate transactions, making BEC difficult to identify. Businesses of all sizes are targeted, and 68% of companies were targeted by BEC in 2021.

BEC Fraudster Tactics

Below are ways scammers infiltrate organizations:

  • Unauthorized use of online meeting platform
    Through social engineering and with the use of a legitimate business email account, fraudsters request fund transfers using a still image of an executive and “Deep Fake” audio. They might claim their video/audio isn’t working properly and then follow up via email or chat to request a fund transfer.
  • Spoof an email account or website
    In hopes the employee isn’t paying close attention, scammers will send an email from an address that is slightly different from a legitimate address. For example: abby@abccompany vs. abbey@abccompany – look out for email addresses using a capital I in place of a lower-case L or an “r n” in place of an “m”.
  • Send spear phishing emails
    These messages appear to be from a trusted sender to fool victims into releasing confidential information or clicking on an attachment with malware. This information is used by scammers to plan out BEC attacks.
  • Use a compromised email account
    Fraudsters will typically use compromised email accounts to send changes to the payment instructions to an organization in hopes the target will follow the new instructions.
  • Use malware
    Malicious software is used to obtain confidential information such as billing and invoices. The scammer then uses this information to time requests or to send messages so that accounts and financial officers don’t flag the requests. Malware can also give scammers undetected access to data such as passwords and financial accounts.
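
One way to screen incoming senders for the look-alike addresses described under "Spoof an email account or website" is sketched below. It is an added example, not part of the original article; the contact list, the sample addresses and the function names are constructed for illustration, and the check is generalized to catch any one-character difference from a known contact.

```python
# Constructed allow-list of known vendor/employee addresses (assumption).
KNOWN_CONTACTS = {"abby@abccompany.example", "bill@millsupply.example"}

def skeleton(addr):
    """Collapse the look-alike glyphs named in the article to one form:
    "rn" reads as "m", and capital I / lower-case l read alike."""
    return addr.strip().lower().replace("rn", "m").replace("l", "i")

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender, known=KNOWN_CONTACTS):
    """Return (verdict, matched_contact) for a sender address."""
    s = sender.strip().lower()
    contacts = sorted(k.lower() for k in known)
    if s in contacts:
        return ("known", s)            # exact match, ignoring case
    for k in contacts:                 # same appearance, different characters
        if skeleton(s) == skeleton(k):
            return ("lookalike-glyph", k)
    for k in contacts:                 # one character added, dropped or changed
        if edit_distance(s, k) <= 1:
            return ("lookalike-typo", k)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ("abbey@abccompany.example", "biII@millsupply.example",
                   "bill@rnillsupply.example", "carol@othervendor.example"):
        print(sender, "->", classify(sender))
```

A "lookalike" verdict is a reason to hold the message and confirm the request with the real contact through a separately known phone number before acting on any payment instruction.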

BEC Payment Targets

[Figure: stats on BEC payment targets]

As wire transfers are being targeted less, ACH credits are now becoming a primary target of BEC fraud attacks. ACHs are low cost and quick to execute, making them a great payment method for organizations. These same qualities are also what attract fraudsters.

Departments Under Attack

Although Accounts Payable departments are often the primary target for BEC attacks, other departments are still susceptible to BEC.

[Figure: stats on departments under attack]

Protecting Your Business

Many companies are implementing procedures and controls to better safeguard their transactions from BEC. Below are just a few of the procedures companies reported using to limit their exposure:

[Figure: stats on procedures companies use to limit exposure]

Financial loss isn’t the only cost of a successful BEC attack; the loss of confidential information could also cost the company its customer and/or vendor relationships.

Organizations identified a few key strategies they use to safeguard their payments:

[Figure: stats on the key strategies in safeguarding payments]

Employing fraud mitigation best practices, products, and services such as Check and ACH Positive Pay, Commercial and/or Virtual Cards, account blocks, and more, can validate payments and stop fraudulent transactions.

Contact a banker today to discuss payment strategies that will better protect your business.

For more tips on how to protect your business from fraud, see the Fraud Prevention Guide.

Source: Association for Financial Professionals: 2022 Payments Fraud and Control Survey Report

As with all serious financial topics or decisions, be sure to consult with a trusted financial advisor beforehand. The content here is for educational purposes only and is not meant to serve as any sort of advice or endorsement.