It is all too easy in this current climate to experience business email compromise (BEC). Also known as Email Account Compromise (EAC), it is one of the most financially damaging online crimes. It exploits the fact that most businesses rely on email to conduct business, whether personal or professional. Phishing is a tactic used in email account compromise: it persuades you to take an action that will ultimately give the scammer access to your device, accounts, or personal information.
As more phishing scams are uncovered, there’s more and more guidance about how to protect yourself. In fact, the 2020 AFP Payments Fraud and Control Survey Report listed BEC as a declining threat. Only 75% of companies in the survey were impacted by BEC, a 5% decline from the previous year.
Fraudulent emails typically appear as if they are coming from a known source. Some examples of what you may see in your inbox include:
- A Vendor Email: Some fraudsters can actually hack into the sender’s email to appear as if your vendor is sending you an information request
- Notice from a Third-Party Requesting Changes to Account: Emails may ask for bank accounts or payment instructions
- Emails from Executives: Some spoof emails are disguised as emails from senior executives directing finance personnel to transfer funds
While there are many other scenarios, versions of these happen to real victims of email fraud every day. This can result in thousands or even hundreds of thousands of dollars being stolen from companies.
How Does This Happen?
There are multiple ways that a scammer might hack into your email account. Below are a few things to look out for in your inbox.
- Fake Email Account or Website: Slight, almost undetectable variations on real email addresses, such as a switched letter or added number, can easily fool you into thinking they are authentic.
- Spearphishing Emails: These messages appear to be from trusted senders and are designed to trick you into revealing confidential information. This helps scammers gain access to company accounts, calendars, and other personal data that provide the details needed to complete a scam.
- Malware: Malware, or malicious software, can infiltrate company networks, consequently gaining access to email threads that could contain financial information.
These are just a few examples of how your email inbox can be attacked, but it is important to be on the constant lookout for anything out of the ordinary or suspicious.
How Can I Protect My Inbox?
Being smart about your online presence is vital to protecting personal and business information. Luckily, there are ways to monitor your online presence and maintain a secure inbox.
- Be mindful of what information you share publicly online or on social media. Sharing things like pet names, school information, family members, or even your birthday gives a scammer valuable information they need to crack your password or even answer a security question.
- If anything suspicious shows up in your email or in your text message inbox, don’t click on it. If it’s from a company you work with and trust, call the company using a phone number you find on your own; don’t use any information in the email or text. This way you can verify whether the company is actually contacting you or whether it is a scammer.
- Look out for unnecessary urgency in the email tone regarding payments or verifying account information.
- Carefully read and examine the email address, spelling of the message, and URL. Scammers tend to use slight differences to quickly gain your trust and attention.
- Check the greeting. Many fraudulent emails may have a greeting such as “Dear Customer” instead of using your name or company.
- Be cautious of what you download. Resist opening an email attachment from an unknown source and also be cautious of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it.
- If possible, verify payment and purchase requests with the person involved by an in-person meeting or a phone call. Any change in an account number or payment procedures should be done with the person making the request.
If you spot a phishing email, delete it without opening it and block the sender. Consider using a password manager to further protect your accounts. And most importantly, secure your inbox with internet security software and be a cautious internet user. Scammers are relentless and will continue to attempt to gain your personal information, so put your best foot forward and protect yourself and your business.
And as always, remember that Carter Bank & Trust will not email you requesting your personal or business information. We offer Business Banking customers access to the Commercial Center where you can manage any transactions you need to from a secure, password-protected environment.