NORTH ADAMS >> A business email scam that has cost firms thousands of dollars across the country has attracted the attention of national law enforcement authorities, according to MountainOne Bank.
The so-called "Business Email Compromise", or BEC, scam has been described as a "sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments," according to an announcement by the FBI that has been cited by MountainOne.
Both small and large businesses have been targeted by scammers, according to the Internet Crime Complaint Center, a partnership between the National White Collar Crime Center and the FBI.
Through the BEC, fraudsters have been stealing millions of dollars from businesses by compromising their official email accounts and using those accounts to initiate fraudulent wire transfers.
Formerly known as the "Man-in-the-Email" scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers.
In Texas, a manufacturing firm is suing its cyber insurance provider to cover a $480,000 loss following an email scam that impersonated the firm's chief executive, according to Krebs on Security, a well-known security news and investigation website.
Thieves using variations of this scam stole nearly $750 million from more than 7,000 victim companies in the U.S. between October 2013 and August 2015, according to FBI statistics cited by Krebs.
According to MountainOne, BEC scams often begin with an attacker compromising a business executive's email account or any publicly listed email. Upon monitoring the compromised email account, the fraudster will try to determine who initiates wires and who receives them.
The perpetrators often perform a fair amount of research, looking for a company that has had a change of leadership at the executive level of the finance function, or companies where executives are either travelling or leading an investor conference call. They use these as opportunities to execute the scheme.
Here are some tips businesses can use to stay protected and secure:
• Carefully scrutinize all emails. Be wary of irregular emails that are sent from executive level employees, as these are being used to trick employees into acting with urgency. Review emails that request a transfer of funds to determine if the request is out of the ordinary.
• Educate and train employees. Employees are usually a company's biggest asset, but they're often the target of email scams to circumvent a firm's security.
• Verify any changes in vendor payment location by using a secondary sign-off by company personnel.
• Stay updated on customers' habits, including the details of, and reasons behind, payments.
• Confirm requests for a transfer of funds. When using phone verification as part of two-factor authentication, use known, familiar numbers, not the details provided in the email requests.
Those who suspect their businesses may have been targeted by a BEC email are asked to immediately report the incident to their bank and to law enforcement.
The FBI's announcement on the BEC scam can be viewed online at https://www.uc3.gov/media/2015/150122aspx.
Tony Dobrowolski can be reached at 413-496-6224.