Know Your Scam: Business E-mail Compromise

Even the biggest tech companies can fall prey to phishing. Last month, the U.S. Department of Justice announced that two tech companies had been taken by a scammer for more than $100 million. It was recently reported that those two companies were Facebook and Google. The phishing job that managed to get to these two Silicon Valley behemoths was a form of business e-mail compromise (BEC). In a BEC scam, the attacker typically gets past a business's e-mail security and then requests wire payments or payment of fraudulent invoices.

Though this may sound like your typical phishing scam, BEC can become insidious in the right vendor management culture. In the Google/Facebook case, e-mails requesting wire transfers were sent from an account made to mimic a familiar business partner. Big firms are a particularly attractive target, as vendor management departments handle many requests at a time. However, smaller firms are also at risk during the merger and acquisition process. With the distraction that a merger can be expected to cause, phishing attempts have a higher chance of getting through.

Avoiding fraud due to BEC relies on educating your staff. Make sure your vendor invoice payment process takes BEC into account, and teach staff to know the signs of a phishing e-mail. Never take for granted what employees do and do not know, and rehash basics if necessary.
