Email is the default communication method for business because it’s quick, easy, inexpensive, and breaks down geographic barriers. But as email has grown in use and popularity, criminals have been quick to fill our inboxes with spam, Nigerian email scams, phishing messages, and—exceedingly popular— business email compromise messages.
What is business email compromise?
Business email compromise occurs when a fraudster sends a spoofed email to a business email account requesting that money be wired to a bank account he or she controls. These spoofed emails can appear to come from a vendor, senior executive, or someone with approval to release funds. If the recipient believes the email to be legitimate, it can result in enormous losses for the company.
In August, technology company Ubiquiti Networks fell for the scam, incurring losses to the tune of $46 million dollars. Employees of the company believed that emails they received from the “CEO” were legitimate and released funds to pay invoices created by the criminal.
What’s law (enforcement) got to do with it?
In January, the FBI announced that business email compromise scams had resulted in over $1 billion in reported losses in 2014, and provided resources to help businesses protect themselves. The sad truth of the matter is that many of these scams originate in places where US law enforcement has no reach or influence, so criminal prosecution or the recovery of funds is the exception, not the rule.
That’s why you need to do everything in your power to safeguard your business against fraud and email business compromise.
So how do you protect your business?
Because fraud is so pernicious, wide-reaching, and devastating, it may seem like a herculean task to mitigate it. But there are quick and easy ways to prevent your company from falling victim to this expensive crime:
The mounting technological savvy of fraudsters may seem intimidating, but preventing business email compromise really boils down to two simple things: common sense and awareness. All you have to do is pay attention.
Nathan Horn-Mitchem is Provident Bank’s Information Security Officer. With more than a decade of experience, Nathan’s a bona fide expert in his field. He holds a CISSP (Certified Information Systems Security Professional) certification. In addition to keeping the bank safe, he enjoys watching college basketball and spending time with his kids.