BBB: What should you do if your organization has lost money to a BEC fraud?

 
 

According to the Better Business Bureau study of Business Email Compromise Scams:

  1. If an organization finds that it has been a victim of a BEC fraud, it needs to immediately call its bank to stop the payment and report it to the FBI in the U.S. or the Canadian Anti-Fraud Centre in Canada. If a report is filed within 48 hours, there is a chance the money can be recovered.

  2. Complain to the FBI’s Internet Crime Complaint Center (IC3). IC3 also asks people to report unsuccessful BEC attempts. Information from attempts may help establish patterns or identify mule bank accounts.

  3. Complain to the Canadian Anti-Fraud Centre: 1-888-495-8501.

  4. Report fraud to BBB Scam Tracker.

We are recommending two more:

  1. If the threat impersonated the IRS: phishing@irs.gov.

  2. Vendor Maintenance Training to protect against fraudulent payments:

New Scam Alert: Phishing Abuse of HTTPS and 65% of BEC Scams Target Gift Cards


Security Boulevard reported that APWG released findings that in Q2 of 2019 more than half of phishing sites used HTTPS, which makes a site appear legitimate.

The findings also revealed that over 65% of BEC attacks are focused on obtaining gift cards. How do you combat this? Train your staff to spot these threat actors by their requirement to send the gift card numbers. Also, add a policy that leadership will not ask employees for gift card numbers, only to turn over the actual cards or send them by mail.

Security Boulevard has the story here.

North Carolina county falls for BEC scam, to the tune of $1,728,083


The North Carolina county of Cabarrus, in the US, says that it’s managed to claw back only some of the $2,504,601 it paid to a scammer posing as a contractor working on building a new high school.

The crooks used social engineering – specifically, what’s known as a Business Email Compromise (BEC) scam – to pose as Branch and Associates, which is a general contractor that’s working on building a new school for the Cabarrus County Schools District.

The scam came to light after Branch and Associates sent a courtesy notice about a missed payment on 8 January. County staff confirmed that the electronic funds transfer (EFT) had, in fact, cleared the month before.

County officials next notified the bank to which the $2.5m was transferred, Bank of America. The bank managed to freeze $776,518.40 of the $2,504,601 that remained in traceable accounts.

Continue reading on Naked Security.



Use authentication techniques, internal controls and best practices in Vendor Setup & Maintenance to protect your vendor master file from fraud.

BEC Scammers Turn to Aging Reports in New Twist

Don’t be tricked into giving up your AP Aging Report. These reports are gold to scammers. Read the post from Info Security here.

Add authentication techniques, internal controls and best practices to reduce the potential for fraudulent payments.