Many people have heard of phishing emails—a scam designed to trick recipients into clicking links or opening attachments in fraudulent emails that appear to be from trusted individuals or companies. Criminals are now taking this approach a step further with potential for severe financial consequences to businesses.
Have you ever received payment instructions from a boss or vendor on an email? You could be at risk for the latest fraud scheme, the Business Email Compromise. Fraudsters have been very successful in impersonating superiors, peers and vendors to get businesses to send them wire and ACH transfers. According to the FBI, 14,000 US businesses have lost in excess of $961 million due to this scam. Since January 2015, the number of scam attempts has increased by 1,300%.
Email compromise, or masquerade fraud, usually involves the impersonation or takeover of a legitimate email address. They either compromise known parties' emails or create similar looking emails (e.g., email@example.com vs. firstname.lastname@example.org). Very sophisticated criminals will target an executive's email to take over.
Fraudsters will request payments or give new account numbers for future payments. The email requests may look like regular correspondence between you and another party or even be inserted into an on-going conversation. The email requests will often have a sense of urgency, playing on your desire to help your boss or long-time trading partner.