You have probably seen variations of this post before, but as long as people fall victim to email scams it bears repeating. As posted by Adams and Reese LLP (https://www.adamsandreese.com/news-knowledge/avoiding-business-email-compromise-schemes-lessons-for-conducting-online-business-securely), in 2018 the FBI's Internet Crime Complaint Center received 20,373 complaints targeting businesses and individuals performing wire transfer payments. Adjusted losses were over $1.2 billion. Compared to 2017, complaints increased by 29% and losses by 77%.
There are prevention strategies to counter these scams:
- Use encrypted or secure emails for wire transfers or non-public information so criminals can't view and alter or steal them.
- Adopt written funds transfer security procedures. Verify any change in payment type or location by phone or in person,never by response to the email. Consider using a code phrase or requiring a second person to confirm a transaction. Do not share security procedures online (best practice is person to person). Review payment activity for suspicious transactions.
- Train all personnel. Every computer user should be trained to report suspicious emails, not to open unexpected attachments and resist any request for urgent action bypassing normal procedures. This is especially true for anyone who handles or oversees electronic fund transfers.
- Install anti-malware and update with latest patches.
- Implement access controls on a "least privilege" basis.
- Use due diligence with third party vendors - their security measures should be the strongest possible.
- Protect communications on external networks - laptops, other portable devices, employees working from home or on the road.
Above all, stay informed about the newest threats and counter-measures.