It's easy to fall for one of these fraud email schemes.

Edward Gately, Senior News Editor

November 27, 2020


Cybercriminals are increasingly using fraud email or business email compromise (BEC) attacks to gain access to companies’ systems.

If they’re successful, they gather information on the company and its suppliers, including payment cycles. They masquerade as legitimate businesses to change contact and banking information, ultimately rerouting funds to their own accounts.

According to Abnormal Security, during the third quarter, attackers continued to focus primarily on BEC campaigns with the goal of invoice and payment fraud. These attacks increased 155% from Q2 to Q3.

Angela Anastasakis is Nvoicepay’s senior vice president of operations and customer success. Nvoicepay is a payment automation provider.


“[BEC is] a subtle process that preys on a person’s willingness to give others the benefit of the doubt,” she said. “With businesses simultaneously facing other, more direct attacks, BECs can be difficult to detect and nearly impossible to reverse.”

Convincing Emails

Fraudsters specialize in writing convincing emails, Anastasakis said. Accounts payable teams move fast and try to maintain good supplier relationships; therefore, it’s easy to fall for one of these fraud email schemes.

“But by slowing down and scrutinizing these requests, there are often tells that can alert you to the sender’s legitimacy,” she said.

A single instance of business email fraud has the potential to cause financial losses in the millions, Anastasakis said. That’s what happened with Toyota and Caterpillar.

“While it’s possible to reverse some payments made to fraudulent accounts, this is not always true — particularly when it comes to automated clearing house (ACH) or wire payments,” she said. “If the bad actors close the account the funds are deposited to, there’s virtually nothing to track, and businesses become responsible for absorbing the damage done.”

You can throw as many security programs as you want at the problem, but it only takes a single well-crafted email or phone call to a well-meaning employee to undermine everything, Anastasakis said.

“The No. 1 thing businesses can do to protect themselves is to offer frequent training to their employees in identifying potential phishing instances,” she said. “Invest in a security protocol for your employees to follow when they encounter any correspondence related to updating payment information, and you will potentially save millions in losses.”

Click through the slideshow above for eight of the most common BEC techniques that fraudsters use.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
