In our companion Privacy and Security Blawg, we post about privacy and security issues affecting the health care industry. However, sometimes the information we post is important to the wider business community.
Here is one such issue: The Business E-mail Compromise.
The Internet Crime Compliant Center [IC3] issued a warning to business owners- small and large. The warning alerts business owners to a scam being dubbed the Business E-mail Compromise [BEC] A.K.A. Man-in-the-Email Scam. The end game of the BEC scam is to generate false wire transfers. And, the scammers are using the names of your staff and vendors to do it.
Here are some 2 sample versions restated from the IC3 warning:
Version 1
A business, which often has a long standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or email. If an email is received, the subject will spoof the email request so it appears very similar to a legitimate account that would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.”
Version 2
An employee of a business has his/her personal email hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal email to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they are contacted by their vendors to follow up on the status of their invoice payment.
Visit our privacy and security blawg at https://gettinslaw.com/hipaa/2015/03/16/have-you-heard-about-the-business-e-mail-compromise/ or click here.
Discover some watch-outs to help spot a BEC scam and What can you do to protect yourself!