Scam Basics – Business Email Compromise Fraud

Last Updated on by SCARS Editorial Team

Find Real ScammerScammer A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. & Fake Stolen Photos On ScamsONLINE.org
The SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. Scammer Photo Gallery Website
Click Here To Donate To SCARS

ScamScam A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. Basics – Business Email Compromise FraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim.

Business Email Compromise

Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:

  • A vendor your company regularly deals with sends an invoice with an updated mailing address.
  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A homebuyer receives a message from his title company with instructions on how to wire his down payment.
  • Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.

Business Email Compromise (BEC) Fraud

#BECareful – Don’t Let Scammers Trick You Into Making Payments To Their Accounts

Criminals hack into email systems or use social engineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests." tactics to gain information about corporate payment systems, then deceive company employees into transferring money into their bank account.

What Is A Business Email Compromise Scam

How Criminals Carry Out BEC ScamsScams A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost.  – A Scammer Might:

  • Spoof an email account or website. Slight variations on legitimate addresses:
    (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com)
    fool victims into thinking fake accounts are authentic.
  • Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
  • Use malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts.. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or sends messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.

How to Protect Yourself

  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in an account number or payment procedures with the person making the request.
  • Be especially wary if the requestor is pressing you to act quickly.

More BEC Protection Basics

Protect your corporate systems from hacking attempts

  • DO use anti-virusVirus A computer program that can replicate itself and spread from computer to computer or file to file. It comes to life only when you take a specific action, such as running a particular program., firewall, and other tools and scan computers and devices regularly to prevent malware infections.
  • DO keep your personal and business computers up to date: pay attention to security alerts, update security patches, conduct periodic systems checks.
  • DO make sure that your email accounts are well protected and don’t share the passwords.
  • DON’T click on attachments or links you aren’t expecting, even if they have innocent sounding names (invoice, for example). They often contain malware giving access to monitor your email/computer activities.
  • DO enable spam filters and blockBlock Blocking is a technical action usually on social media or messaging platforms that restricts or bans another profile from seeing or communicating with your profile. To block someone on social media, you can usually go to their profile and select it from a list of options - often labeled or identified with three dots ••• all access to suspicious or blacklisted websites.

Be vigilant of suspicious or unexpected ‘urgent’ payment requests or changes

  • DO look carefully at the sender’s email address. Criminals often create an account with a very similar email address to your business partners so keep your eyes peeled!
  • DO spread the word so any colleagues dealing with bank accounts are aware of the scam.
  • If you receive an email concerning a change of payment method or bank account,
    • DO contact the payment recipient through another channel (such as by phone) to verify this claim.
    • DON’T reply directly to the email.
  • DO verify the authenticity of websites before providing any personal or sensitive information.

Avoid becoming a target from the beginning

  • DON’T post sensitive or personal information on social media. This can be used by fraudsters to target you.
  • DO shred all confidential documents and dispose of them properly.
  • DO use different passwords for every account, change them regularly and enable two-factor authentication on all your accounts whenever possible.
  • DO use strong passwords which include numbers, symbols, capital, and lower-case letters.

If you paid the money – now what?

  • Gather all documentation regarding the transaction and emails/invoices received and DO report the incident as soon as possible to your local police.
  • DO immediately alert your bank to the fraudulent transaction. The bank should immediately try to recall the funds.
  • DO consider consulting a civil lawyer in the country where the money was deposited into the beneficiary bank account. This might be of help to address the bank in trying to recover the money and/or launch a civil complaint regarding the account holder.

How to Report (USA)

If you or your company falls victim to a BEC scam, it’s important to act VERY quickly:

If your business is not in the United States, contact your National Police Force or their CybercrimesCybercrimes Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Police Unit (most countries now have them.)

business-email-compromise-timeline-022717[1]
BEC Scams

TAGS: SCARS, Information About Scams, Anti-Scam, Scams, Scammers, Fraudsters, Cybercrime, Crybercriminals, Scam Victims, Online Fraud, Online Crime Is Real Crime, Scam Avoidance, BEC Scams, Business Email Compromise, Financial Fraud, Business Fraud

PLEASE SHARE OUR ARTICLES WITH YOUR FRIENDS & FAMILY

HELP OTHERS STAY SAFE ONLINE – YOUR KNOWLEDGE CAN MAKE THE DIFFERENCE!
THE NEXT VICTIM MIGHT BE YOUR OWN FAMILY MEMBER OR BEST FRIEND!

SCARS the Society of Citizens Against Relationship Scams Incorporated

By the SCARS™ Editorial Team
Society of Citizens Against Relationship ScamsSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. Inc.

A Worldwide Crime Victims Assistance & Crime Prevention Nonprofit Organization Headquartered In Miami Florida USA & Monterrey NL Mexico, with Partners In More Than 60 Countries
To Learn More, Volunteer, or Donate Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org

Your Feedback!

Please share your feedback below. Hearing from victims helps us refine our knowledge about scammer’s processes and methods, and then be able to better share factual authoritative information with victims worldwide. Please scroll down and share your thoughts and comments. What you think and experienced matters.

Please Share:

Please share our articles and knowledge with your friends & family. This is important!

Help others stay safe online – your knowledge can make the difference for both those being groomed and victims! The next victim might be your own family member or best friend!

SCARS the Society of Citizens Against Relationship Scams Incorporated

By the SCARS™ Editorial Team
Society of Citizens Against Relationship Scams Inc.

A Worldwide Crime Victims Assistance & Crime Prevention Nonprofit Organization Headquartered In Miami Florida USA & Monterrey NL Mexico, with Partners In More Than 60 Countries
To Learn More, Volunteer, or Donate Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org

Latest & Updated SCARS RomanceScamsNow.com Posts: