Interpol has issued detailed guidelines on Business Email Compromise fraud to help people understand it and stay protected. Read on:
What is Business Email Compromise fraud?
Business Email Compromise fraud is a scam aimed at companies, in which scammers hack into email systems and use social engineering tactics to get information about corporate payment systems.
Once they have all the necessary information, they trick company employees into transferring money into the scammers' bank accounts.
How do criminals gain access to victims' devices?
Criminals use hacking, phishing websites and malware to gain access to the victim's system. They choose targets based on the information users share on social media platforms. At times they also pose as a supplier requesting urgent payment or a change to banking details, or as a senior employee in the company with authority to authorise payments.
Interpol has also shared a couple of tips on how to stay protected from such scams.
Protection against hacking attempts
- Use anti-virus, firewall, and additional tools, regularly scanning computers and devices to ward off malware infections.
- Keep both personal and business computers up to date by heeding security alerts, updating security patches, and conducting periodic system checks.
- Ensure the robust protection of your email accounts and avoid sharing passwords.
- Exercise caution by refraining from clicking on unexpected attachments or links, even if they appear innocuous (such as an invoice), as they may contain malware providing unauthorised access to monitor your email and computer activities.
- Activate spam filters and block any access to websites flagged as suspicious or blacklisted.
Raise questions about ‘urgent’ needs
- Carefully scrutinise the sender’s email address, as criminals often create an account with an address very similar to that of your business partners.
- Inform your colleagues, especially those handling bank accounts, about the scam to ensure awareness.
- If you receive an email regarding a change in payment method or bank account, reach out to the payment recipient through an alternative channel (such as phone) to validate the claim. Avoid responding directly to the email.
- Prioritise verifying the authenticity of websites before disclosing any personal or sensitive information.
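One way to automate the sender-address check from the first tip in this list, as an added example that is not part of Interpol's guidance or the original article. The partner domains, the character substitutions and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list of business-partner domains (assumption, not from the article).
TRUSTED_DOMAINS = {"acme-supplies.example", "northbank.example"}

# Illustrative single-character substitutions seen in lookalike addresses (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(domain):
    """Comparison form: lower-case, accents stripped, look-alike characters folded."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, max_distance=2):
    """Return (verdict, matched_domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    _, address = parseaddr(from_header)
    _, sep, domain = address.lower().rpartition("@")
    if not sep or not domain:
        return ("unknown", None)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    # Not an exact match: flag it if it is only a few edits away from a partner domain.
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(skeleton(domain), skeleton(trusted)) <= max_distance:
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From: headers for demonstration.
    for header in ("Accounts <billing@acme-supplies.example>",
                   "Accounts <billing@acme-supp1ies.example>",
                   "Payments <pay@northbanc.example>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a prompt to verify the request through another channel, as the third tip in this list advises, not proof of fraud; short domains will produce false positives at this threshold.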
Protect yourself from becoming a target
- Avoid sharing sensitive or personal information on social media, as fraudsters can exploit it to target you.
- Ensure the secure disposal of all confidential documents by shredding them appropriately.
- Use distinct passwords for each account, regularly update them, and activate two-factor authentication whenever possible.
- Create robust passwords with a combination of numbers, symbols, and both uppercase and lowercase letters.
What to do if you’ve paid money?
- Collect all documentation related to the transaction, including emails and invoices, and report the incident promptly to your local police.
- Immediately notify your bank about the fraudulent transaction, and request the bank to initiate the prompt retrieval of the funds.
- Consider seeking advice from a civil lawyer in the country where the money was deposited into the beneficiary bank account. This consultation may assist in addressing the bank to recover the funds and potentially filing a civil complaint against the account holder.