Protect My Business

Business email fraud is on the rise

Business email fraud, also known as Business Email Compromise (BEC), is on the rise across the country. One of the best ways to protect your business is to educate yourself and your employees.

Unlike other cyber-attacks, these fraudulent emails don’t contain malware or malicious URLs. Instead, they rely on social engineering.

Who Do They Target?

Business email fraud attacks target people – usually your CFO or people in your human resources, finance, or payroll departments. Using a technique called “spoofing”, the attacks trick your people into thinking they’ve received an email from a boss, coworker, vendor, or partner. The impostor requests wire transfers, tax records, and other sensitive data.

These fraudsters succeed because they create emails that are deceptively similar to legitimate messages. They also ask victims to perform tasks that fall under their normal job duties.

Here are a few scenarios of business email fraud:



Fraud Prevention Best Practices:

  1. Implement strong internal controls focusing on both international and domestic wire and ACH transactions.
  2. All email requests to transfer funds via wire or ACH should be verified through a secondary email, phone, or text before approving and scheduling with your financial institution.
  3. Be suspicious of odd email requests that ask for secrecy or pressure you to take action quickly.
  4. Train your employees to carefully examine the URLs in received emails, paying close attention to spoofed email addresses that closely resemble legitimate ones but differ slightly.
  5. Forward vs reply: Avoid using the “reply” option to respond to business emails. Forward instead, typing in the email address or selecting it from the email.
  6. Flag requests from vendors, payroll processors, suppliers, and customers involving payments with a sudden change of instructions. Always verify any changes via phone or outside of email to make sure you are still communicating with your legitimate business partner.
  7. Take action immediately: If you think you’ve become a victim of business email fraud, contact your financial institution immediately.
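
The address checks in practices 4 and 5 can also be run automatically before a payment request reaches an approver. The following is an added example, not part of the original page: the trusted domain list, the edit-distance threshold of 2, and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your business really exchanges payment email with.
TRUSTED_DOMAINS = {"example-vendor.com", "example-corp.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def review_message(raw):
    """Return reasons to verify this message by phone before acting on it."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    findings = []
    if sender not in TRUSTED_DOMAINS:
        # A domain one or two characters away from a trusted one is a lookalike.
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(sender, trusted) <= 2:
                findings.append(f"lookalike sender domain: {sender} resembles {trusted}")
    # Hitting "reply" would send the answer here, not to the visible sender.
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return findings

# Constructed sample: digit "1" replaces the letter "l" in the sender domain.
SAMPLE = """From: "Pat Lee, CFO" <pat.lee@examp1e-corp.com>
Reply-To: pat.lee.cfo@mail-box.example
To: ap@example-corp.com
Subject: Urgent wire today - keep confidential

Please send the wire before noon and do not discuss it with anyone.
"""

if __name__ == "__main__":
    for finding in review_message(SAMPLE):
        print(finding)
```

A message that passes these checks can still come from a compromised legitimate mailbox, so the out-of-band verification in practices 2 and 6 still applies.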

In the event that Alerus’ Fraud Monitoring systems flag a transaction as potentially suspect, clients may receive a call to discuss the transaction further before it is released.