Email isn’t always trustworthy.
Messages from bosses or co-workers that look suspicious and request a financial transaction might be a scam, and a recent report from the Better Business Bureau shows that more people are falling victim to business email compromise scams.
Almost $3.1 billion has been bilked from businesses and organizations since 2016 and scammers attempted to swindle an additional $23 billion during that time, according to the report.
Last year, over 20,000 complaints were filed in the United States, resulting in a loss of $1.3 billion – roughly double the prior year, according to the FBI’s Internet Crime Complaint Center. Springfield businesses are not immune. So far this year, $2.1 million has been bilked from businesses in the city to BEC scammers around the world, according to data reported to the FBI. The year prior, local victims reported losing over $727,500.
The FBI refers to them as BEC scams. Dixon Land, public affairs specialist at the FBI Kansas City office, said they come in several forms. It could be a CEO directing a financial officer to wire money, a boss asking an employee for a favor to buy gift cards on their behalf, vendors requesting payment be made to another account or executives requesting copies of employee tax information, according to the report. They’re often sent from a familiar email address and with that person’s email signature.
“Scammers are using emails or specific messaging systems within businesses to redirect company finances so that the employee who is handling the finances is tricked into wiring transfers to a bank account that they think is either of a co-worker, boss or third-party vendor,” Land said. “A lot of the time, it’s spoof emails or emails that look like a part of your community.”
A business of any size and in any industry can be affected by the fraud, Land said. In 2018, 80% of businesses received a BEC scam. This year, the number of scams jumped 50% in the first three months, according to the report.
The trend is growing in Springfield, too. FBI data show six reported BEC victims in the city in 2016, then up to 11 in 2017 and 2018. So far this year, there have been 19 victims.
Stephanie Garland, the BBB’s regional director in Springfield, said via email the bureau isn’t able to clearly track the number of scams in the area.
“These scams are likely to be significantly under-reported because businesses tell BBB that they are embarrassed to have lost money and don’t want to appear vulnerable,” she said.
Springfield Business Journal received a BEC scam a few months ago that an employee fell victim to, said Publisher Jennifer Jackson. The email sent to all employees appeared to be from Jackson and requested staff members to help her by purchasing $100 gift cards for staff rewards. One employee purchased a gift card, and SBJ reimbursed that employee, she said.
“Until that happened, it didn’t occur to me to have that conversation,” Jackson said. “I became so used to seeing junk email come through that it didn’t occur to me that anyone would fall for it.”
She suggests business owners create a clear policy of how money is transferred in the workplace, which SBJ has since done.
“I’m seeing them much more frequently than I have before,” Jackson said of the fraudulent emails. “We’ve upped our email security, but it only catches spam, and it’s not going to filter a legitimate email.”
What to do
Land said, if scammed, the first step is to report it to local law enforcement.
“The FBI relies on educational awareness and reporting,” Land said. “We want to know if someone is a victim of an email compromise and hopefully identify the scammers and bring them to justice.”
A four-monthlong coordinated effort between several federal law enforcement agencies called Operation reWired resulted in 281 arrests in the United States and overseas, according to information released last month by the FBI. The arrests – which resulted in the seizure of nearly $3.7 million – were made in Nigeria, Ghana, Turkey, France, Italy, Kenya, Japan, Malaysia and the United Kingdom.
Garland said business owners also can file incidents on the BBB’s Scam Tracker website. The bureau then reports all results to law enforcement, she said.
Across all its regions, she said the BBB is on track to handle over 19,300 complaints by the end of the year.
There are precautionary steps that business owners and employees can take, too. The BBB report suggested most fraud cases could have been stopped if the employee called the individual supposedly requesting money.
“One of the things we encourage employees and businesses to do is – using either the telephone or in person – to contact the person who is making that request to confirm that,” Land said. “Creating that double-checking system will help.”
Thomas Douglas, CEO of Springfield-based JMark Business Solutions Inc., said businesses can block emails sent from specific geographic regions through an email software like Microsoft’s Office 365 or Google’s G Suite. He recommended this method if a company doesn’t usually work with international businesses.
Business owners also should keep computers updated with antivirus software, he said. However, most of these emails still make it through the firewall, so business owners should educate employees on the scam.
“Let them know they are going to get phishing emails and someone will trick them into it,” Douglas said. “No technology solution is going to be perfect, so people have to help close the gap.”
Jeff Eiserman, business risk adviser with Ollis/Akers/Arney, said cyber insurance policies are beginning to include coverage for BEC scam losses.
“All of this is so nuanced, and there’s so many new types of losses, that the insurance industry is trying to figure out a way to adapt and a way to respond,” Eiserman said, noting that some companies and policies offer coverage for such losses and some do not. “The most important thing is the agent you’re working with and if they understand your risk.”
The BBB also recommends requiring multifactor authentication, cyber insurance and internet security training, as well as verifying changes in employee and vendor information. According to the report, the bureau also suggests limiting the number of times that a user can enter incorrect login information.
“Every business today gets attacked. We try to provide a high degree of awareness of these kinds of threats to our clients,” Douglas said. “It’s a never-ending fight to keep users protected.”
SBJ compiles news on the respiratory virus outbreak.
Life coach Ann Leach says having a structured routine helps her maintain a positive attitude during difficult times. She says it might seem to be anathema to a creative spirit, but the framework …
Motivational speaker Zach Troutman says his grandmother and a coach helped him discover his passion. He founded Follow the Leader to normalize conversations about mental health after dealing with …
Independent consultants Mary Overbey, Damion Trout and Lucas Walker discuss ways businesses can reduce the time it takes to recover from the pandemic. They say proactively planning, setting goals …
Technology business consultant Mackenzie Scherer says many small business owners don’t understand the need for a business website or social media. Scherer says there are three steps to establish an …
Joe Daues, CEO of the Breast Cancer Foundation of the Ozarks says he wants to focus on collaboration and developing long term partnerships with other not for profits. Daues says this will allow …
Since Justin Larkin hasn’t been able to perform publicly because of the pandemic, the singer-songwriter has been writing new material. Larkin says he’s excited to be creating new music in his …
Richard Ollis, CEO of Ollis/Akers/Arney, says clearly defined goals and teamwork will prepare you for success. Listen to others’ perspectives to help find a better game plan. Duration: 1:22
Author and Consultant Rosie Ward says only one third of employees are engaged in their wellness program. She says one organization has been examining how to reduce healthcare costs and encourage …
Speaker, coach and writer Erika Gerdes says there is a deep seated belief that you must choose between fulfillment and success. Gerdes says she had to change her mindset to see it’s possible to …
Taylor Otwell, CEO of Laravel, started his company as a way to prototype ideas, but ended up releasing the application to the world. Now others use it to build their businesses. Duration: 1:16