Protect Yourself from Business Email Scams

warning on ipad

Protecting yourself from scams and cybercriminals remains an ongoing battle of the digital age. The pandemic provided fruitful ground for scammers, who used the opportunity to gain lucrative financial and personal information from unsuspecting victims. The threat of scammers continues as they shift their nefarious actions to better catch people off guard.

Many are now targeting businesses, impersonating vendors, employees and clients to obtain key information that can gain them access to business accounts and/or convince a victim to transfer funds. At Guardian Mortgage we're here to help you stay safe and protect your financial information. Knowing what to look for and staying vigilant is key. Here we’re breaking down one of the latest digital scams, known as Business Email Compromise (BEC), how to identify scam activity and what to do if you suspect you’ve been a target.

What is a Business Email Compromise Scam

In a BEC scam, cybercriminals target businesses by sending an email message that appears to come from a known, legitimate party. They are masters of disguise and can make their communications look incredibly authentic.

Scammers do this by using information they gather through phishing. Information can include co-worker and executive names, financial account information, calendar information and more. They then use this information to craft messages that make sense and are familiar to the recipient. For example, you could receive an email from:

  • A vendor asking you to change their company billing or ACH information. (The address or bank account is then switched over to the scammers’ account.)

  • A co-worker or high-level executive requesting that you make a payment or money transfer to a specified account.

  • An attorney requesting you provide personal details, bank account details, or transfer funds.

These are all examples of popular BEC scams currently taking place. Being aware that these scams happen is the first step in protecting yourself. But how do you know if an email you receive is from a genuine source or a criminal? There are typically some tell-tale signs.

Identifying Scams

When it comes to identifying scams, some scams are easier to spot than others. Here are a few classic signs you can look for when reviewing emails.

  • The email address is slightly off. Often scammers will create a spoof email address or website domain. These domains can be as simple as a few letters off the authentic email address but will send your reply straight to the criminal. Examine email addresses, URLs and content within correspondence carefully before sending any valuable information or money to a contact.

  • The sender is asking for confidential information or requesting money, often on a very urgent timeline. These types of questions and tricks are used in phishing scams to gain the information the scammer needs to continue his BEC scam.

  • The sender asks you to click on an included link that you were not expecting or needing. This will often lead to the scammer installing malware onto your device, which helps them gain additional access and information for their criminal activities. Do not click on any links or download attachments from unsolicited correspondence.

  • The correspondence comes from an unknown person or company. Never trust an unknown entity who is asking for personal or financial information. Before taking any action, verify that the email is authentic by either with a manager or by a phone call to a known number at the company.

What To Do If You Suspect a Scam

If your intuition tells you something seems off, pay attention to that feeling of unease. There is a good chance you’ve just identified a scamming attempt. Here’s what you should do next:

  1. Verify the sender of the email. Contact the sender at a phone number or email you have in your contact database, not the contact information provided in the email. Confirm that they sent you the email and determine why they need the personal information or funds requested. Remember, email is never a secure way to send financial information, so if the sender is authentic, work with them to find a better way to share that information.

  2. Follow or establish processes to validate invoices, purchase orders and money transfers. For example, perhaps all invoices or purchase orders must be validated by phone. Or money requests will not be sent without more than one individual copied on the email. Follow your process to determine if the suspected scam is legitimate or not.

  3. Report the activity. Cybercriminals will only be stopped if they get caught. Help ensure this doesn’t happen again. Get in touch with your bank if you feel financial information was stolen, let your company and superiors know so they can help to minimize damage, and report the incident to law enforcement.

Unfortunately, cyber scams are a persistent threat. However, we can all protect ourselves from the devastating outcomes of cyber-fraud by understanding the threat and taking the actions above.

Interested in more information about protecting yourself or your business from scams? Check out these additional articles to learn more.

5 Steps to Keep Your Financial Information Secure
What is Phishing? How to Avoid Bank Scams and Protect Your Personal Information

For additional information on protecting your financial information, talk with a one of our professionals. We’re always here to help.

Important Information
Sunflower Bank N.A. does not provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality, and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your specific IT system or information security concerns, please contact your IT or information security advisor.