Businesses and nonprofits have enough to worry about without losing thousands of dollars to scammers. Yet the Internal Revenue Service says more and more organizations are falling victim to Business Email Compromise, or BEC, scams.
Since October 2013, the FBI estimates scammers have taken $2.3 billion from businesses and stolen lots of sensitive information about the companies' employees. Charities are not immune to the scam, either.
In these scams, a phony email is sent to an employee with access to funds and/or sensitive information, such as W-2 forms or tax statements.
In one scenario, a thief posing as an executive asks the employee to send money by wire transfer to use in a time-sensitive business deal. Amounts often exceed $100,000, and companies may not catch on to the fraud until their money is long gone. It is almost impossible to get money back once it has been wired.
In another version, a criminal posing as an executive emails the company's human resources or payroll department, asking that it send copies of employees' W-2 forms and tax statements for the previous year. A department employee complies, and the thieves get sensitive information they can use to commit identity or tax fraud.
The Consumer Fraud Task Force, which includes Better Business Bureau and agencies such as the FBI and IRS, advises companies to take the following steps to protect themselves from such schemes:
Provide fraud awareness training for employees and adopt robust technical fraud prevention controls.
Confirm all requests for fund transfers. When verifying by telephone, use known phone numbers, not numbers provided in the email request.
Carefully scrutinize all email requests for fund transfers or sensitive employee information to determine whether they are legitimate. For instance, review the "Reply To" email address to ensure it's actually from your organization. Be aware of look-alike domains.
Review email logs, with automated tools if possible, looking for potentially suspicious fake executive emails from free email service providers.
If you are victimized in a wire transfer scheme, contact your financial institution as soon as you learn of the theft.
Contact your local FBI office if you detect the wire transfer scheme quickly. Contact the IRS if you learn that tax information has been compromised.
File a complaint at IC3.gov.
Create a solid business continuity plan in the event of a BEC scam.
Consumers and businesses can find identity theft information at midmobbb.org or by contacting 573-886-8965.
Sean Spence is the Mid-Missouri regional director for Better Business Bureau.