Your risk of falling victim to business email compromise is greater than ever. And it’s thanks to — you guessed it — the coronavirus.
Business email compromise (BEC) has been one of the most formidable foes your finance department has faced in recent years. And scammers are jumping on the current crisis to worm their way into your systems.
No company can afford a costly loss from fraud right about now.
Here’s what you need to know to protect your company and your cash from fraudsters looking to capitalize on the global pandemic.
Coronavirus-angled phishing attacks
For a BEC scam to work, a criminal must gain access to your company systems so they can study your org chart, how emails from execs sound, your payment patterns, etc.
And they do that through a phishing attack.
Phishing attacks have exploded in recent months, all using the coronavirus as the hook to get people clicking. In fact, both IRS and the Department of Justice have issued warnings to both businesses and consumers.
Why’s it working? The pandemic has people so panicked that they’re more willing to open emails and click links from unverified sources to get promised information. Especially when it allegedly comes from the World Health Organization or the Centers for Disease Control and Prevention.
A single employee clicks on a link from a phony company purporting to sell masks or a text telling them someone they’ve come into contact with has COVID-19, and the door has opened for a BEC scam.
So you want to launch an educational blitz on all the different types of coronavirus scams out there.
Have IT take the lead and encourage them to be specific. They should push out examples of specific attacks: what scam emails look like, the language they use.
Because the attacks are evolving every day, this should be an ongoing campaign.
It will also help to have managers and even you and your CEO to push things out to explain exactly what kind of information or action you’d never ask for in an email.
Your best business email compromise defenses now
Granted that list might look different than it did just a month or two ago, which is exactly why crooks are jumping on this so aggressively.
After all, your company is likely making “a flurry of unusual financial transactions” during the current crisis, reminds the National Association for Credit Management, including:
- expedited orders
- canceled deals, and
- refunds.
Any one of these could be an opportunity for a fraudster to impersonate you or another member of the management team and request a quick payment.
Now add that your A/P or A/R staffers can’t just stroll down the hall and verify whether that transaction was really originated by that person, putting your company at greater risk.
Urge your team to stay in close contact, pick up the phone and tap tech safeguards like a virtual private network or single login systems on strictly company laptops for all transactions.