Subscribe

Randy Hutchinson

Randy Hutchinson is the President and CEO of the BBB of the Mid-South, serving 28 counties in Tennessee, Mississippi and Arkansas. He graduated from Western Maryland College and has an MBA from Wilmington College.

Guest column: Email scam costs businesses billions of dollars

By Updated: October 13, 2018 6:52 PM CT | Published: October 13, 2018 6:51 PM CT

Most businesses would be ecstatic if their revenue increased more than 100 percent in less than two years. Scammers are business people too, scams are their products, and the FBI reports that their revenue from one scam increased 136 percent between December 2016 and May 2018.

I know of a large Memphis company and a prominent nonprofit organization that were targeted by the scam. Neither fell for it, but an out-of-state company whose owner has ties to Memphis lost $47 million (some funds may have been recovered). The FBI says more than $12 billion has been lost worldwide.

In the Business Email Compromise Scam (BEC), crooks use social engineering or computer intrusion techniques to compromise business email accounts to do one of the following:

  • Spoof email accounts of senior executives to direct the processing of a wire transfer to a fraudulent account.
  • Impersonate a party to a real estate transaction to direct that funds be sent to a fraudulent account.
  • Spoof email accounts of senior executives to send fraudulent requests for W-2 or other sensitive information to an employee who routinely maintains that sort of information.
  • Send fraudulent requests to redirect funds in a pending business transaction to an account controlled by the crooks.
  • Find out about trust funds or litigation and impersonate a law firm client to change the recipient bank information to a fraudulent account.

The real estate sector has been heavily targeted in the past few years, including title companies, law firms, real estate agents, and buyers and sellers. Victims receive an email from another party to a real estate transaction that looks real instructing them to wire money to what ends up being a fraudulent account.

A Washington, D.C., couple wired $1.6 million to what they thought was a title and escrow company, but the money went to hackers instead. Real estate transaction losses in the BEC scam increased 2,200 percent from 2015 to 2017.

Employees don’t have to actually wire money or provide information themselves for the company to become a victim. Simply clicking on a link or attachment in an email that looks like it came from a company executive could result in malware being downloaded that gives the crooks access to passwords and other sensitive information they can use to steal money or data.

Protecting your company starts with employing good system security measures. The FBI and BBB also recommend:

  • Using extra precautions when transferring money.
  • Avoiding free, web-based email.
  • Having systems that detect slight variations in reply emails and domain names. For example, the crooks may change abc_company.com to abc-company.com.
  • Verifying changes in vendor payment locations.
  • Being careful what employee information is posted on company websites, on social media accounts, and in other places.
  • Scrutinizing payment requests that seem out of the ordinary and being suspicious of requests for secrecy or pressure to act immediately.

Topics

Guest Column Better Business Bureau Of The Mid-South Scammers

Comment On This Story

Section Emails

Sign up to get the latest articles from the Business;Guest Columnists section.