The FBI Norfolk Division is warning that Business E-Mail Compromise (BEC) schemes are on the rise in Hampton Roads.

BECs are sophisticated schemes where scammers target unsuspecting employees through compromised business e-mail accounts and trick them into transferring money to bank accounts controlled by criminals.

There are a number of variations of this scam, but the basics are generally the same. The schemers go to great lengths to spoof company e-mail or use phishing techniques to assume the identity of a trusted vendor or a company executive such as the CEO. They e-mail employees who manage the company’s finances using language specific to the company they are targeting, then request a wire fund transfer using dollar amounts that lend legitimacy.

BEC scams are among the fastest growing Internet fraud schemes and cost American businesses hundreds of millions of dollars in losses every year. In Virginia last year, 409 victims with losses exceeding $7 million were reported to the FBI’s Internet Crime Complaint Center (IC3).

These schemes target businesses and organizations of all sizes and types—from well-known corporations and non-profits to churches and school systems—but of particular concern in Hampton Roads are small and medium sized companies that may be more vulnerable to such a scam and less able to recover from the losses.

WHAT TO DO IF YOU ARE A VICTIM

If your company has been victimized by a BEC scam, it is important to act quickly. Delays in reporting the scheme make it difficult to stop wire transfers and recover any lost assets.

• Contact your financial institution immediately.
• Request that they contact the financial institution where the fraudulent transfer was sent.
• Contact the FBI at 1-800-CALLFBI (225-5324).
• File a complaint —regardless of dollar loss—with IC3.

TIPS ON HOW TO PROTECT YOUR BUSINESS

Businesses that deploy robust internal prevention techniques at all levels, especially for front line employees who may be the recipients of initial phishing attempts, are more likely to avoid falling victim and sending fraudulent payments.

• Carefully scrutinize all e-mail requests for transfers of funds and be suspicious of pressure to act quickly.
• Confirm requests for transfers of funds by using phone or in-person verification as part of two-factor authentication.
• Consider additional IT and financial security procedures such as end to end digital signatures or two-factor authentication.
• Know the habits of your customers and beware of sudden changes in business practices.
• Instead of replying to e-mails, consider forwarding responses using existing contacts in your address book.

Resources for more information:

• Public Service Announcement: Business E-Mail Compromise/E-Mail Account Compromise, the 5 Billion Dollar Scam
• Business E-mail Compromise Guide
• Business E-Mail Compromise: Cyber-Enabled Financial Fraud on the Rise Globally
• IC3 2016 Internet Crime Report
• IC3 2016 State Reports
• File a Complaint with the IC3