According to the Canadian Anti-Fraud Centre (CAFC), Business Email Compromise (BEC) fraud has cost businesses worldwide, including Canadian businesses, more than $5 billion dollars.
How to spot BEC?
BEC fraud includes several types of sophisticated frauds targeted at businesses. According to the CAFC, several types of BEC schemes have been seen in Canada. Here’s how to spot scams targeted at your business:
How it works: spoofed emails that look like they are being sent by senior executives, such as the president, Chief Executive Officer (CEO) or the Chief Financial Officer (CFO), are sent to individuals working in the accounting or finance department. The email will attempt to trick the employee into wiring money to a third party and include language making the request sound urgent and confidential.
How it works: spoofed emails that look they are being sent by suppliers with whom your business has a well-established relationship. These fraudulent emails will request that you provide payment for an invoice by wire transfer to a fraudulent account.
How it works: criminals may also seek sensitive financial information by making legitimate-sounding requests for tax statements or other confidential information about the business that they can use to commit fraud.
How you, and your employees, can protect against email fraud
BEC fraud is targeted at business both large and small. Here are some ways to protect against it:
- Educate - Educate employees on how to spot these types of scams by making them aware that employee email addresses can be spoofed.Let them know that a major red flag for BEC is a wire transfer request that includes pressure to act or a sense of urgency.
- Verify - The Canadian Anti-Fraud Centre recommends businesses consider a two-step verification process for wire transfer payments so that your business requires two forms of communication to confirm a wire-transfer request is legitimate.
- Be cautious - Take precautions when posting information online or on social media sites about where and when senior staff, including the CEO or CFO, are on vacation or away from the office.
- Protect - Ensure all software, including anti-virus software, is up to date on all computers and servers in your office(s).
If your business is victimized
If you learn that a wire-transfer is fraudulent, contact your financial institution immediately. You should also report the incident to the police
Download the CBA’s Small Business Cyber Security Toolkit to help protect your small business from cyber threats.