On October 10, 2022
According to the FBI, business email compromise (BEC) scams, also known as “wire fraud” scams, are on the rise. In 2018, there was a 136% increase in reported BEC/wire fraud losses, totaling over $1.2 billion.
BEC/wire fraud scams typically involve a scammer impersonating a high-level executive or other trusted individual within an organization in order to trick employees into making wire transfers to the scammer’s bank account.
While these scams can be complex and sophisticated, there are a few simple steps that businesses can take to protect themselves.
Educate employees about the threat of wire fraud
Make sure that all employees are aware of the threat of BEC/wire fraud scams and know how to identify them. Employees should be instructed to never wire money to someone they don’t know and to always verify the identity of the recipient before sending any money.
Confirming the wire over the telephone, for example, via a well-known and publicly listed phone number for the company, can help to ensure that the wire transfer is going to the intended recipient. Additional levels of approvals within your organization can also help to reduce the risk of fraud.
Security awareness training can be an effective way to educate employees about the threat and how to protect themselves. Many Managed Service Providers (MSPs), including Hartmann Industries, offer security awareness training as part of their managed services packages.
However, for the best protection, embrace a culture of security within your organization. This means making security everyone’s responsibility, not just the IT department’s. Employees should be encouraged to report any suspicious activity to the appropriate stakeholders.
Implement security measures to prevent wire fraud
There are a number of technical security measures that businesses can put in place to protect themselves from BEC/wire fraud scams, including two-factor authentication for email and wire transfer systems, and requiring verbal confirmation of wire transfer requests.
Your accounting practices should also be reviewed to ensure that there are adequate controls in place to prevent and detect fraudulent activity. For example, consider requiring dual approval for all wire transfer requests.
In addition to technical security measures, businesses should also have policies and procedures in place for handling wire transfer requests. These should include specifying who is authorized to make wire transfer requests and how these requests should be verified.
Your bank may also allow for a delayed wire, which would give you time to recall the wire before the money is actually sent. This can be an effective way to reduce the risk of fraud, while still allowing for timely payment of legitimate invoices. To be clear, this is a last-resort measure, as it can cause delays in payments and still puts you at risk of BEC wire fraud.
Monitor IT & bank activity
Monitoring activity for suspicious behavior is another important step that businesses can take to protect themselves. This includes monitoring for unusual wire transfer requests, as well as changes in email patterns, such as a sudden increase in emails being sent from free web-based email accounts.
Your organization should maintain strict controls over its email system, including who has access to the system and what level of access they have. Email systems should be configured to prevent unauthorized access and to log all activity.
Regular reviews of system logs can help to identify suspicious activity and can be used to investigate potential incidents of fraud.
A SIEM solution, such as Azure Sentinel, can also be used to monitor activity and to help to identify potential threats.
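As an added example (not part of the original article), the Python sketch below applies the two monitoring ideas above to mail gateway log records: a sudden increase in mail from free web-based accounts, and an executive's display name arriving from outside the company domain. The webmail list, executive names, company domain, spike factor and log records are all constructed assumptions.

```python
from collections import Counter
from email.utils import parseaddr
from statistics import mean

# Assumptions for this example: the free-webmail list, the executive names,
# the company domain and the log records are all constructed.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
EXECUTIVES = {"dana whitfield", "lee moreno"}
COMPANY_DOMAIN = "example.com"

# (date, From header, subject) as a mail gateway log might export them.
SAMPLE_LOG = [
    ("2022-10-03", "Vendor Billing <billing@vendor.example>", "Invoice 1042"),
    ("2022-10-03", "Pat <pat@gmail.com>", "Lunch?"),
    ("2022-10-04", "Dana Whitfield <dana.whitfield@example.com>", "Q4 budget"),
    ("2022-10-04", "Sam <sam@yahoo.com>", "Resume"),
    ("2022-10-05", "Kim <kim@outlook.com>", "Quote request"),
    ("2022-10-06", "Dana Whitfield <ceo.office77@gmail.com>", "Urgent wire today"),
    ("2022-10-06", "Lee Moreno <l.moreno.cfo@outlook.com>", "Payment needed"),
    ("2022-10-06", "A <a1@gmail.com>", "Hello"),
    ("2022-10-06", "B <b2@gmail.com>", "Hello"),
]

def sender(from_header):
    """Return (lowercased display name, lowercased domain) of a From header."""
    name, addr = parseaddr(from_header)
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def impersonation_hits(log):
    """Messages using an executive's display name from outside the company domain."""
    return [rec for rec in log
            if sender(rec[1])[0] in EXECUTIVES and sender(rec[1])[1] != COMPANY_DOMAIN]

def webmail_spikes(log, factor=3.0):
    """Days whose free-webmail count exceeds `factor` times the mean of earlier days."""
    daily = Counter(d for d, frm, _ in log if sender(frm)[1] in FREE_WEBMAIL)
    days = sorted({d for d, _, _ in log})
    spikes = []
    for i, day in enumerate(days[1:], start=1):
        baseline = mean(daily[d] for d in days[:i])
        if daily[day] > factor * max(baseline, 1.0):
            spikes.append((day, daily[day], round(baseline, 2)))
    return spikes

if __name__ == "__main__":
    for rec in impersonation_hits(SAMPLE_LOG):
        print("display-name impersonation:", rec)
    for day, count, base in webmail_spikes(SAMPLE_LOG):
        print(f"webmail spike on {day}: {count} vs baseline {base}")
```

In practice the same two rules would run as scheduled queries in the SIEM, with the executive list and baseline window tuned to the organization.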
Have a plan for the worst
In the event that your business does fall victim to a BEC/wire fraud scam, it’s important to have a plan in place for how to respond. This plan should include steps for immediately halting all wire transfer activity, as well as steps for contacting the relevant authorities, such as your local FBI office.
Your plan should also include steps for conducting a forensic investigation to determine how the fraud occurred and to identify any additional steps that need to be taken to mitigate the risk of future fraud.
Stay up to date with wire fraud tactics
Finally, it’s important to stay up to date on the latest threats and mitigation strategies. The cybersecurity landscape is constantly evolving, and what may have been effective in the past may no longer be adequate.
Make sure that you have a process in place for regularly reviewing your security posture and for implementing new security measures as needed. Your MSP can be a valuable resource in this regard, as they can help you to keep up with the latest trends and threats.
By following these simple steps, businesses can greatly reduce their risk of falling victim to a BEC/wire fraud scam.