How To Protect Yourself & Your Company Against Business Email Compromise (bec) 

By Rotimi Onadipe

Business Email Compromise (BEC) is a kind of fraud in which cyber criminals hack into a corporate email account and impersonate the real owner of the email account in order to lure the company, its employees, partners or customers into transfering money or sensitive information to the cyber criminals' accounts or divert their payments to another account created by the cyber criminals.

How it works:
The cyber criminals will do a thorough research about the unsuspecting companies through their profiles, websites, social media posts, YouTube channels, journals, press release etc.

They will create an email address that is very similar to that of the unsuspecting companies' email address. In some cases they will disguise as the director, partner, lawyer or customer of the targeted companies & use their identities to obtain personal or sensitive information through email.

Research revealed that Business Email Compromise Fraud had already cost the United States Businesses at least $1.6 billion in losses from 2013 till date.

A typical example of a Business Email Compromise (BEC) was recently reported in the news and has gone viral on social media with thousands of views within few days of the report. In the report, a 38-year-old Nigerian was arrested along with 12 others by the Dubai Police. They were accused of being involved in a "Business Email Compromise" and other forms of internet fraud in which 1,926,400 victims were said to have been targeted by the syndicate.

Many unsuspecting individuals and companies fall victim to Business Email Compromise Fraud because they lack vital information about it.

Warning Signs of a Business Email Compromise Fraud:

1. It comes with a sense of urgency. e.g. urgent payment, urgent response, urgent subject matter etc. The fraudsters want their victims to respond quickly before they can think clearly.

2. Sudden change in email address. e.g. When you notice a sudden change in the email address of the CEO, customer, lawyer or staff of the company you are dealing with, be suspicious.

3. Sudden change in website: When you notice a change in the website of any company before, during or after a transaction, you should be suspicious.

4. Sudden change in contact telephone number.
5. Sudden change in bank account details.
6. Introduction of third party email into the business transaction.

How to avoid Business Email Compromise Fraud:
1. Companies & individuals should educate themselves on how to avoid business email compromise.

2. When a change in email address, phone number, bank account details, website etc is noticed, report immediately to your bank or anti-fraud agencies.

3. Always use firewall, antivirus and other tools to scan the company's computers, mobile phones & other devices to prevent malware infections.

4. Before you provide any sensitive, personal or company's information on any website, make sure you verify the authenticity of the website.

5. If you receive an email that notifies you of a change in the mode of payment or a change of bank account details, make sure you investigate thoroughly by contacting the supposed receiver of the payment via another channel. e.g. phone calls, courier services etc.

Rotimi Onadipe, Tel: +234-8169121819 Email: [email protected]