Safety 101: Business Email Compromise

Article by Det. Trent Koppell

As a member of the St. Louis Electronic Crimes Task Force I recently went to a Fraud Task Force Meeting and became educated on the newest fraud trends affecting our area. At this particular meeting the topic was Business Email Compromise also known as BEC. So, what is BEC? It is the most recent sophisticated scam using email and/or other electronic communication to impersonate a business executive, employee, or another person with the authority to request payments or gain access to employee payroll and W2 information on behalf of a business.

So how does it work? According to the U.S. Department of Justice, the BEC scam may begin when a legitimate user downloads malicious software, known as malware, by clicking on an attachment or link in a spam or phishing email or acts upon a spoofed e-mail payment request crafted to look like it came from a company executive. Remember, you don’t usually know that you’re clicking a fraudulent site until it’s too late. When enough legitimate information is stolen, this allows the scammer to assume the victim’s identity both on and off line.

Secret Service Agent Tim Reboulet of the St. Louis Field Office a few things to consider before becoming a victim:

Safe Practices for Avoiding Cyber-Crime

1. If it seems too good to be true, it probably is.
2. Don’t give your personal information to someone you don’t know, especially if you did not initiate the contact.
3. Your bank will never ask for your account number or personal information over the phone. 4. Ask questions. If you do not like their answers, do not proceed.
5. Never wire money to someone you do not know.
6. Never click on a link in an email. Always type the address in yourself.
7. Never give someone access to your computer, especially someone on the phone.
8. Don’t respond to emails from people you don’t know.
9. Never carry your social security card or birth certificate with you, keep them secure. 10.Don’t carry bank accounts, passwords, PINs, or other vital information in your purse or wallet.
11.Make your passwords unique and complex. Make sure you add a special character to it. 12.Do your homework, research the company calling you or the email you received.
13.Ask others what they think about possible scams, such as letters, or emails.
14.Keep your credit and debit card numbers written down in a safe location, as well as the bank contact information.
15.Don’t give into threats or intimidation. The fraudsters are usually thousands of miles away. 16.Be patient. If it is legitimate, there is no rush to move forward.

What if you think you are a victim of a cyber-crime?

1. Take notes. Keep track of everything during this process.
2. Contact your bank. Flag or close your accounts, ask to speak to the branch manager for advice.
3. Flag your credit. Putting an alert on your credit will prevent new accounts from being opened.
4. Get a police report. Contact your local police department for instructions on getting a police report written for the scam. This will be used later when you dispute accounts or charges.
5. Contact the Federal Trade Commission. Reporting these scams prevents future victims

There are warning signs you may want to pay attention to as well, here are just a few:

1. An e-mail request to change established wire transfer, payment procedure, or bank deposit instructions.
2. A request that the payment be expedited.
3. A requester who indicates he/she will be out of the office and/or will not be readily available for re-contact.
4. A requester that is seeking sensitive employee payroll or W2 information by email.

Keep an eye out for this type of suspicious email and other schemes, and of course if you have any questions or concerns you can always contact your local or state law enforcement officials for assistance.

MM&E
Trent Koppel is a St. Louis-based detective and adjunct professor at Maryville University.

About the author

Joe Clote

Joseph W. Clote is owner of Publishing Concepts, LLC a communications and marketing firm based in Saint Louis, Missouri. Mr. Clote is Group Publisher of MeetMed™ and Missouri Meetings & Events™ (MM&E) magazine, a quarterly publication read by thousands of meeting and event professionals, and producer of the St. Louis and Kansas City trade shows under the MM&E name. Mr. Clote has extensive sales and marketing expertise in the travel, tourism, fine art, insurance, and software development industries.