Beware of the B.E.C. scam, says a report at fbi.gov. The hackers target businesses and are good at getting what they want.
The hackers first learn the name of a company’s CEO or other key figure such as the company’s lawyer or a vendor. They then figure out a way to make an e-mail, coming from them, appear to come from this CEO, and send it to employees.
The recipients aren’t just randomly selected, either. The hackers do their homework to find out which employees handle money. They even learn the company’s particular language, says the fbi.gov article. The company may be a big business, small enterprise and even a non-profit organization.
Once they get it all down, they then request a wire transfer of money. This does not raise red flags in particular if the company normally sends out wire transfer payments.
This CEO impersonation scam is quite pervasive, stinging every state in the U.S. and occurring in at least 79 other nations. The fbi.gov article cites the following findings:
- Between October 2013 and February 2016, complaints came in from 17,642 victims. This translated to over $2.3 billion lost.
- Arizona has been hit hard by this scam, with an average loss per scam coming in at between $25,000 and $75,000.
Companies or enterprises that are the victim of this scam should immediately contact their bank, and also request that the bank contact the financial institution where the stolen funds were transferred to.
Next, the victim should file a complaint with the IC3.
How can businesses protect themselves from these scam e-mails?
- Remember, the hacker’s e-mail is designed to look like it came from a key figure with the organization. This may include the type of font that the key figure normally uses in their e-mails; how they sign off (e.g., “Best,” “Thanks a bunch,”), and any nicknames, such as “Libbie” for Elizabeth. Therefore, contact that person with a separate e-mail (not a reply to the one you received) to get verification, or call that individual.
- Be suspicious if the e-mail’s content focuses on a wire transfer request, especially if it’s urgent.