The FBI’s Internet Crime Complaint Center reported nearly $2.4 billion in losses due to Business Email Compromise (BEC) fraud in 2021. Stay vigilant – do not click on links or open emails from sources you don’t know.
While traditional spear phishing methods such as using fake emails to pose as vendors, CEOs, or other trusted managers are still common, fraudsters never stop refining their methods. In 2021, scammers began using compromised account credentials and/or virtual meetings to request fraudulent wire transfers. This new variant on the BEC scheme typically begins with an email compromise of a financial director, such as a CEO or CFO. The fraudsters monitor email communications and gain insight into the organization before using the hacked email account to set up a virtual meeting with unsuspecting employees. During the meeting, the fraudsters may use a profile picture of the CEO (and claim their audio/video isn’t working) before instructing employees to send money via wire transfer.
Protect yourself from fraud with these tips:
- Ensure purchasing/procurement and payment processes are in dual control
- Follow established procedures to prevent fraud. Do not accept payment requests outside of normal channels
- Closely review emails to ensure the sender’s address has not changed
- Always call to confirm account change requests received via email
- Always use a known contact number. Do not use phone numbers provided via email
- Use multi-factor authentication and a strong, unique password to protect your email accounts
- Beware of requests to join virtual meeting platforms not normally used by the bank
- Recognize red flags such as requests for secrecy or urgency, or the inability to join audio/video
If you suspect you’ve fallen victim to fraud, notify First National immediately and file a detailed complaint through the FBI’s Internet Crime Complaint Center.