Business Email Compromise (BEC) is a serious threat to all companies, and accounts payable departments are particularly vulnerable. Fraudulent parties gain access to company systems and emails and collect information about the company and its suppliers, including payment details. They impersonate legitimate vendors and request changes to contact and banking information, eventually redirecting funds to their accounts.
This article will provide information on how you can protect your company from BEC attacks with the assistance of C3 Tech and Infima Security, an employee awareness and assistance provider.
Identifying BEC Scams
To identify BEC scams, you should watch out for certain tells:
1. Email Address Anomalies: Take a close look at the email address of incoming requests. Small variations might exist, such as changing an “l” to an “i,” or using something other than “.com.”
2. The Fake CC: Fraudsters may create a convincing email string by cc’ing other parties using real names they have gathered, along with spoofed email addresses.
3. Odd Voice or Tone: Many attacks are written by non-native English speakers from overseas. If you’re working with a US supplier, even small errors in vocabulary, spelling, grammar, or sentence construction might be red flags. Be aware of any subtle changes from your normal communication with the supplier.
4. Wrong Vernacular: Misuse of the vernacular is another way to alert you to a potential issue. For instance, an American will write “check,” while a Brit will write “cheque.”
5. Urgency: Requests are often urgent, requiring an immediate change to their bank account information. If you truly believe the business is in dire straits, call them to discuss further.
6. Erroneous Invoice Numbers: All payments are associated with an invoice number, so fraudsters often include numbers in their emails to make them look more legitimate.
7. Incorrect Amount: A legitimate supplier will know the exact amount of payment, but a fake supplier may be guessing numbers from payment patterns they’ve identified.
8. Doctored Checks: When suppliers provide a voided check with their update request, scrutinize it carefully. Some may be more obviously doctored, but others are quite convincing.
9. Unusual Payment Method: A legitimate supplier will typically accept payments through standard methods such as wire transfer, credit card, or PayPal. If a supplier requests an unusual payment method or insists on using a specific payment service, it could be a sign of a BEC scam.
10. Employee Training: It’s important to train all employees on the risks associated with BEC scams and how to identify and report suspicious activity. This can include education on how to verify changes to banking information and the importance of confirming requests through a different communication channel.
To prevent BEC attacks, it’s wise to have technology in place to safeguard your systems. Also, you should have processes for all banking change requests, including verification steps, such as calling the supplier at the phone number already on file to confirm the update with them.
Infima is a powerful data security solution that integrates seamlessly with C3 Tech’s suite of software products. With Infima’s advanced threat detection and mitigation capabilities, C3 Tech’s customers can enjoy enhanced protection against cyber attacks and data breaches. Infima’s team of expert security professionals work closely with C3 Tech to ensure that their solution is fully integrated and optimized for maximum performance and reliability. Together, Infima and C3 Tech are committed to providing best-in-class data security solutions to businesses of all sizes.
If you are updating supplier information, consider partnering with C3 Tech.
With C3 Tech and Infima Security, your business will have the knowledge and expertise to handle BEC attacks. Protect your business and your customers’ sensitive information from potential harm by taking proactive measures today.