Do you know what's in your email inbox? Some dangerous messages could be lurking from fraudsters attempting to convince you to wire money to them, all while acting as legitimate companies. This practice, known as email spoofing, leads to financial damage for targeted companies and increased stress for everyone involved. Know the signs of email spoofing to safeguard your corporate accounts.
How Email Spoofing Works: The Art of Deception
The organized criminal groups that engage in business e-mail compromise scams are incredibly sophisticated. Here are some of the online tools they use to target and exploit their victims:
- Spoofing e-mail accounts and websites: Slight variations on legitimate addresses (email@example.com vs. firstname.lastname@example.org) fool victims into thinking fake accounts are authentic. The criminals then use a spoofing tool to direct e-mail responses to a different account that they control. The victim believes he is corresponding with his CEO, but that is not the case.
- Spear-phishing: Bogus e-mails believed to be from a trusted sender prompt victims to reveal confidential information to the Business Email Compromise (BEC) perpetrators.
- Malware: Used to infiltrate company networks and gain access to legitimate e-mail threads about billing and invoices. That information is used to minimize suspicions of an accountant or financial officer when a fraudulent wire transfer is requested. Malware also allows criminals undetected access to a victim’s data, including passwords and financial account information.
If you or your company fall victim to a BEC scam, it's important to act quickly. Contact your financial institution immediately and request they contact the financial institution receiving the fraudulent transfer. Next, call the FBI, and also file a complaint—regardless of dollar loss—with the FBI's Internet Crime Complaint Center (IC3).