print   email   Share

Family Employers Are Not Immune To Phishing Scams

A wire transfer fraud that initially targeted business leaders is now targeting homebuyers.

The scam, called "business email compromise" (BEC), started out hacking the computers of business leaders and collecting information on company billing practices, including payees and common amounts paid. The cybercriminals would then send a bill, claiming to be from one of the organization's payees with instructions to send a wire transfer to a fraudulent bank account.

In the latest version of the BEC scam, fraudsters hack into an escrow company's computers to steal the email addresses of their current customers. The hackers then send the customers authentic-looking emails requesting that a wire transfer be made immediately into a bank account that the hackers can access.

In order to gain access to a U.S. bank account, fraudsters will often romance victims on a dating website, eventually asking them to accept a wire transfer to their personal bank account. If they agree, it enables the cybercriminals to remove money from their account.

BEC scammers have already stolen $5.4 billion worldwide, and they are now stealing $5.3 million a month from homebuyers. Kerri Zane "The Shocking New Scam You Need To Know About: Money Transfers" (Apr. 16, 2018).

Commentary and Checklist

Phishing is the most common way cybercriminals acquire information or money from victims. Look for signs that an email might not be from the organization by checking for misspellings or slight differences in the logo. Other cybercriminal tactics include sending an unexpected email with a sense of “urgency”, requesting payment of money before something dire happens.

If your staff receives a suspicious or unsolicited request or email with an attachment, contact the sender using an independently-verified phone number and refer to the inquiry. Staff members who interact with vendors, bankers, etc., must be trained to always question the contents of emails.

Experts agree that phishing is on the rise and is effective. Symantec reports no company of any size is immune. Webroot Threat Report states that nearly 1.5 million new phishing sites are created each month, and the SANS Institute reports that 95 percent of all attacks on networks are the result of successful spear phishing (targeted emails).

Here are some signs that an email could be a phishing scam:

  • Requests to send personal information over email-legitimate businesses will never do this.
  • "From" address not matching the reply address in the email.
  • Email sent from a free email service, including Hotmail, Gmail, or AOL.
  • Email sent from a random address that does not match the organization it claims to be from.
  • Your email address listed as the "from" address.
  • The "to" address including a large number of recipients or an undisclosed recipient list.
  • The web address that shows up when you hover over a link differing from what it says it is in the email.
  • The web address of the link included in the email being the name of a well-known organization, but with one letter missing or two letters transposed.
  • Grammar or spelling mistakes in the email.
  • A stranger contacting you offering to give you money.
  • Requests for you to provide money up front for a processing fee or other questionable activities.
  • Claims that important information is included in an attachment.
Finally, your opinion is important to us. Please complete the opinion survey: