It’s hard to say no when you receive orders from the boss. And that’s exactly why business email compromise scams have been successful lately. So successful, in fact, that they’ve defrauded businesses around the globe of almost AU$3 billion in just two and a half years.
That’s why, as someone running a small to medium business, it’s important you understand how to protect your organisation.
The business email compromise scam happens when a fraudster impersonates a senior member of staff to trick someone at the company into transferring funds to the fraudster’s account.
While that may sound simple enough, the scam can be quite sophisticated in the way it’s put together – with many months of detailed planning going into the end result. It’s that level of sophistication and complexity that can also make it very hard to detect.
A scam that’s built on intelligence
Business email compromise scams are often multi-stage operations that start with intelligence gathering. The first sign that a scam is underway could be an innocent phone call to reception to find out who looks after accounts. Alternatively, it might be a recruiter or a supplier looking to update their database. Whoever they pose as, the scammer will be looking for one thing: the details of the people in your organisation who hold the purse strings.
Then again, scammers don’t always even have to make contact to start mining your business for information. Very often it will be enough just to trawl through the information that’s publicly available on your website, LinkedIn profiles or other social media accounts.
But that still leaves a lot to chance: especially the chance that an employee will fall for an email that comes from an address other than yours.
So some of the most effective email compromise scams go several steps further.