How Criminals Carry Out BEC Scams and How to Protect Yourself

Business Email Compromise (BEC) scams, also known as email account compromise (EAC), stands out as one of the most financially devastating cybercrimes. It capitalizes on our heavy reliance on email for conducting various forms of business, be it personal or professional.

In a BEC scam, cybercriminals craft email messages that mimic trusted sources, creating an illusion of legitimacy. Here are a few examples:

  1. An email seemingly from a regular vendor your company deals with arrives, containing an invoice with an updated mailing address.
  2. The CEO of a company instructs her assistant to purchase numerous gift cards for employee rewards. She requests the serial numbers to expedite email distribution.
  3. A homebuyer receives a message from his title company, providing instructions on wiring the down payment.

These scenarios, or variations of them, have victimized real individuals and organizations. The catch is that all these messages are fraudulent. In each instance, substantial sums, ranging from thousands to hundreds of thousands of dollars, have been inadvertently transferred to the pockets of cybercriminals instead of the intended recipients. How to do you know that a scammer is contact you? Scroll down to learn more from the explanation below with examples.

The FBI and the Police Investigating Crime in the US to prevent online Scams
The FBI and the Police Investigating Crime in the US to prevent online Scams

How Criminals Carry Out BEC Scams Successfully

1. Spoof an email account or website:

Please be carefully to detect slight variations in email addresses, such as “sarah.mike@companyname.com” that will look similarly like “sarahe.mike@companyname.com,”. This type of similar email have the power to deceive victims into believing that fake accounts are genuine. These subtle differences can easily escape notice, contributing to the success of fraudulent schemes.

2. Send spearphishing emails:

These deceptive messages are designed to mimic communications from trusted senders, luring victims into divulging confidential information. Once in possession of this sensitive data, cybercriminals gain access to company accounts, calendars, and other critical information, providing them with the necessary details to execute their BEC schemes.

3. Use malware:

Malicious software can infiltrate company networks, granting unauthorized access to legitimate email conversations concerning billing and invoices. This ill-gotten information is exploited to time requests or dispatch messages in a way that avoids suspicion from accountants or financial officers when processing payment requests.

Additionally, malware provides criminals with surreptitious access to a victim’s data, including passwords and sensitive financial account information, without detection.

Business Email Compromise Timeline

Related Cybersecurity Posts

How to Report Business Email Compromise (BEC) Scam

Report to Federal Bureau of Investigations (FBI) in United States

In the unfortunate event that you or your company become victims of a BEC scam, swift action is very important:

Federal Bureau of Investigations (FBI)
  1. Contact Your Financial Institution: Without delay, reach out to your financial institution and request that they initiate contact with the financial institution where the unauthorized transfer was directed.
  2. Contact Your Local FBI Field Office: Notify your local FBI field office to officially report the cybercrime and seek their assistance in the investigation.
  3. File a Complaint with IC3: File a formal complaint with the FBI’s Internet Crime Complaint Center (IC3). This step is vital for documenting the incident and aiding in law enforcement efforts to combat cybercrime. This is the link to Cyber Fraud Complaint – File A Complaint Online.
  4. Visit the General Fraud and Other Criminal Matters or Contact the FBI at (202) 324-3000, or online at www.fbi.gov or tips.fbi.gov.

Report to Economic and Financial Crime Commission (EFCC) in Nigeria

Reporting a scam to the Economic and Financial Crimes Commission (EFCC) in Nigeria is an important step in combating fraud and cybercrime. The EFCC is the primary law enforcement agency responsible for investigating economic and financial crimes in Nigeria, including scams and fraud.

Economic and Financial Crimes Commission (EFCC) Image logo

To report a scam to the EFCC, you can follow these steps:

  1. Gather Information: Before reporting the scam, gather as much information as possible about the scammer or fraudulent activity. This might include names, phone numbers, email addresses, bank account details, and any evidence or documentation related to the scam.
  2. Visit the EFCC Website: Go to the official website of the EFCC. As of my last knowledge update in September 2021, the website is www.efccnigeria.org. However, please verify the website’s URL as it may have changed.
  3. Locate the “Report a Scam” Section: Look for a section on the EFCC’s website that allows you to report economic and financial crimes or scams. This section might be labeled differently, but it usually contains information on how to report such incidents.
  4. Complete the Online Reporting Form: Fill out the online reporting form with accurate and detailed information about the scam. Be as specific as possible, providing all relevant information and documentation.
  5. Submit Your Report: After completing the form, submit it through the EFCC’s website. You may receive a reference number or confirmation of your report, so keep this information for your records.
  6. Follow Up: It’s a good practice to follow up on your report if you have not received any response within a reasonable timeframe. You can contact the EFCC through the contact information provided on their website for updates on your case.
  7. Contact EFCC Directly: If you prefer to report the scam in person or by phone, you can visit the nearest EFCC office or contact them using the phone numbers provided on their official website.

Reporting scams is important not only to protect yourself but also to help law enforcement agencies to investigate and combat fraud.

Report to Action Fraud or the local Police in United Kingdom (UK)

If you want to report fraud in the United Kingdom, you can do so through several channels, depending on the nature of the fraud and your preferences. Where do I report fraud in the UK? Here are some key options for reporting fraud in the UK:

  1. Action Fraud:
    • Action Fraud is the UK’s national reporting center for fraud and cybercrime. You can report various types of fraud online through their website or by phone.
    • Website: Visit the Action Fraud website at www.actionfraud.police.uk.
    • Phone: You can report fraud by calling 0300 123 2040.
  2. Local Police:
    • If you believe the fraud involves an immediate threat or a crime in progress, you should contact your local police by dialing 999 (emergency) or 101 (non-emergency).
  3. Citizens Advice:
    • Citizens Advice provides guidance on various consumer issues, including fraud. You can contact your local Citizens Advice office or visit their website at www.citizensadvice.org.uk for advice and support.
  4. Financial Institutions:
    • If you’ve experienced financial fraud involving your bank account or credit card, contact your financial institution’s fraud department. They can guide you through the process of reporting and resolving the issue.
  5. Online Resources:
    • There are several websites and organizations that provide information and resources related to specific types of fraud, such as phishing, online scams, and identity theft. These resources can offer guidance on how to report and protect yourself against fraud.

When reporting fraud, it’s essential to provide as much detail as possible, including any supporting documentation or evidence you may have. This information helps authorities investigate and take appropriate action.

Related: How to Prevent Fraud on Credit Card with Identity Theft Detection

How to Protect Yourself from falling into BEC Scams

To safeguard yourself against online scams and maintain your digital security, it’s vital to adopt some proactive measures:

  1. Exercise Caution with Personal Information: Be mindful of the information you share online and on social media platforms. Avoid openly disclosing details such as pet names, schools attended, family links, and your birthday, as these can provide scammers with the data needed to guess your password or answer security questions.
  2. Beware of Unsolicited Requests: Refrain from clicking on any links or responding to unsolicited emails or text messages that request you to update or verify account information. Independently search for the company’s contact information (don’t rely on the information provided by a potential scammer) and call the company to verify the legitimacy of the request.
  3. Scrutinize Communication Details: Pay close attention to the email address, website URLs, and spelling used in all forms of communication. Scammers often employ subtle variations to deceive and gain your trust.
  4. Exercise Caution with Downloads: Never open email attachments from unknown senders, and exercise caution when receiving forwarded email attachments.
  5. Implement Two-Factor Authentication: Whenever possible, enable two-factor authentication (or multi-factor authentication) on your accounts and avoid disabling it.
  6. Verify Payment and Purchase Requests: If you receive payment or purchase requests, especially ones involving changes to account numbers or procedures, verify them in person or by contacting the person making the request directly to confirm their legitimacy.
  7. Watch for Pressure Tactics: Be particularly cautious if the requester is pressuring you to act hastily. Scammers often use urgency to manipulate victims into making impulsive decisions.

Conclusion

These precautions can significantly enhance your online security and protect you from falling victim to various online scams and fraudulent activities.

Remember that reporting fraud is a good idea. It is not only to protect yourself but also to prevent others from falling victim to the same scams. Fraud can have serious financial and personal consequences, so taking action promptly is important.

Note: Please note that the contact information and reporting procedures may change over time, so it’s a good practice to verify the most up-to-date information on reporting fraud by visiting the official websites of the relevant organizations or contacting them directly.

Helpful Guides to Keep you Safe

Exit mobile version