Business Email Compromise: The Achilles Heel of Corporations
Some say that the weakest part of any security system is the human factor, and we agree. Philippine PI investigators have had many years of experience with corporate fraud, cyber security, business and internet scams. For most of the cases investigated we have seen a common factor: no security system is strong enough to cover human mistakes. The U.S. government can’t even protect it most guarded information thanks to less than patriotic persons with access to the info.
Business Email Compromise attacks, also known as BEC scams, are based on social engineering. The criminals responsible for this are not necessarily expert hackers, but mainly work out of exploiting human vulnerabilities in the companies. According to the IC3, only in the second half of 2016 the reported losses added up to almost 800 million U.S. dollars.
How does it work?
Criminals know that funds and information are managed by people, who can easily make a mistake if there are no clear protocols in place for money transfers or data. In simple words, criminals lure employees (even the companies’ top decision-makers) to transfer huge sums of money or confidential information to scammers impersonating the CEO, VP, President or executive.
Victims get an email from their bosses (or at least this is what they believe) stating they need them to immediately transfer funds to a supplier, or else the operation of the company will stop. In the face of the urgency and the fear of being responsible for stopping the operation of the company, the employees act immediately with the instructions provided by the fraudster.
By the time the employee finds out the email was not coming from the CEO, the scammers have already withdrawn the funds or have transferred the money somewhere else. Naturally, there are variations to the method, like sending fake invoices with different payment locations, or impersonating someone else like a lawyer. To erase their tracks, criminals usually buy bitcoins or deposit the money in casino accounts or the like, making it extremely hard for authorities to find the funds.
BEC scams are usually targeted to companies working with foreign suppliers or businesses. The victims range from small businesses to large corporations, mainly located or with headquarters in the United States. According to private investigators in the Philippines, cases of this kind of fraud originating in the Philippines is on the rise, with stolen money redirected to other countries in Asia.
How to avoid being a victim?
BEC is a serious threat on a global scale, so learning how to avoid this type of fraud is very important for any business owner or company executive. The first step to avoid this and any type of fraud is to know well who you deal with when doing business. Company background checks, employment background checks and due diligence are all valuable tools that will help you get to know the people and the businesses that you are dealing with. Make sure your people are to be trusted.
Having clear protocols, with detailed information on what to do on every possible scenario, is also an effective way to avoid being victim. Every change, every “urgency” needs to be addressed in the proper way, and employees have to know what is expected from them.
Human mistakes can be mitigated, so make sure your company takes the necessary steps to stop fraudsters before it’s too late! Contact us today for a free investigation quote.
C. Wright
© 2017 Philippine PI
© Copyright 2017 Philippine PI. All Rights Reserved. This content is the property of Philippine PI, LLC and is protected by United States of America and international copyright laws.