Business Email Compromise is Still Going Strong

Imagine realizing that you wired money to a fraudster instead of the intended recipient. It would be devastating, right? That’s Business Email Compromise. BEC involves the impersonation of an authority figure to direct employees to wire money or provide something of value. If no process exists to verify vendor payments or requests for valuable information, your workplace could find itself a victim of BEC.

Portland Public Schools recently fell victim to a BEC scam. Fortunately, they caught it early enough to stop the transfer of $2.9 million to a scammer.

What's your process for verifying payment requests?

Example Scenarios

Handling routine invoice payments or changes to vendor accounts (such as bank routing info) through email makes it easier for scammers to get away with BEC. All they may have to do is fake (spoof) an email from a known vendor and request that Accounts Payable update bank routing information. Next time a payment to that vendor goes through, it winds up in the account of a scam artist.

A culture of handing over confidential information through email is also an avenue by which your workplace may be scammed. Maybe the scammer phishes a CEO for her email password and then impersonates her through email, asking HR to send all employee W-2s. The scammer adds a reply-to address on the email, so that when HR replies with the information, it routes to the scammer and not the CEO.

What to Do

First, ensure you have processes defined around payments, vendor updates, payroll, and confidential information. These processes should include a requirement to properly verify (or forbid) requests that come by email. Train your people on proper information handling practices and tailor it to the job role. Make them aware of Business Email Compromise scams with examples. One of our favorite sites is which you can review for stories about BEC and other cyber attacks.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s