Email isn’t always trustworthy.
Messages from bosses or co-workers that look suspicious and request a financial transaction might be a scam, and a recent report from the Better Business Bureau shows that more people are falling victim to business email compromise scams.
Almost $3.1 billion has been bilked from businesses and organizations since 2016 and scammers attempted to swindle an additional $23 billion during that time, according to the report.
Last year, over 20,000 complaints were filed in the United States, resulting in a loss of $1.3 billion – roughly double the prior year, according to the FBI’s Internet Crime Complaint Center. Springfield businesses are not immune. So far this year, $2.1 million has been bilked from businesses in the city to BEC scammers around the world, according to data reported to the FBI. The year prior, local victims reported losing over $727,500.
The FBI refers to them as BEC scams. Dixon Land, public affairs specialist at the FBI Kansas City office, said they come in several forms. It could be a CEO directing a financial officer to wire money, a boss asking an employee for a favor to buy gift cards on their behalf, vendors requesting payment be made to another account or executives requesting copies of employee tax information, according to the report. They’re often sent from a familiar email address and with that person’s email signature.
“Scammers are using emails or specific messaging systems within businesses to redirect company finances so that the employee who is handling the finances is tricked into wiring transfers to a bank account that they think is either of a co-worker, boss or third-party vendor,” Land said. “A lot of the time, it’s spoof emails or emails that look like a part of your community.”
A business of any size and in any industry can be affected by the fraud, Land said. In 2018, 80% of businesses received a BEC scam. This year, the number of scams jumped 50% in the first three months, according to the report.
The trend is growing in Springfield, too. FBI data show six reported BEC victims in the city in 2016, then up to 11 in 2017 and 2018. So far this year, there have been 19 victims.
Stephanie Garland, the BBB’s regional director in Springfield, said via email the bureau isn’t able to clearly track the number of scams in the area.
“These scams are likely to be significantly under-reported because businesses tell BBB that they are embarrassed to have lost money and don’t want to appear vulnerable,” she said.
Springfield Business Journal received a BEC scam a few months ago that an employee fell victim to, said Publisher Jennifer Jackson. The email sent to all employees appeared to be from Jackson and requested staff members to help her by purchasing $100 gift cards for staff rewards. One employee purchased a gift card, and SBJ reimbursed that employee, she said.
“Until that happened, it didn’t occur to me to have that conversation,” Jackson said. “I became so used to seeing junk email come through that it didn’t occur to me that anyone would fall for it.”
She suggests business owners create a clear policy of how money is transferred in the workplace, which SBJ has since done.
“I’m seeing them much more frequently than I have before,” Jackson said of the fraudulent emails. “We’ve upped our email security, but it only catches spam, and it’s not going to filter a legitimate email.”
What to do
Land said, if scammed, the first step is to report it to local law enforcement.
“The FBI relies on educational awareness and reporting,” Land said. “We want to know if someone is a victim of an email compromise and hopefully identify the scammers and bring them to justice.”
A four-monthlong coordinated effort between several federal law enforcement agencies called Operation reWired resulted in 281 arrests in the United States and overseas, according to information released last month by the FBI. The arrests – which resulted in the seizure of nearly $3.7 million – were made in Nigeria, Ghana, Turkey, France, Italy, Kenya, Japan, Malaysia and the United Kingdom.
Garland said business owners also can file incidents on the BBB’s Scam Tracker website. The bureau then reports all results to law enforcement, she said.
Across all its regions, she said the BBB is on track to handle over 19,300 complaints by the end of the year.
There are precautionary steps that business owners and employees can take, too. The BBB report suggested most fraud cases could have been stopped if the employee called the individual supposedly requesting money.
“One of the things we encourage employees and businesses to do is – using either the telephone or in person – to contact the person who is making that request to confirm that,” Land said. “Creating that double-checking system will help.”
Thomas Douglas, CEO of Springfield-based JMark Business Solutions Inc., said businesses can block emails sent from specific geographic regions through an email software like Microsoft’s Office 365 or Google’s G Suite. He recommended this method if a company doesn’t usually work with international businesses.
Business owners also should keep computers updated with antivirus software, he said. However, most of these emails still make it through the firewall, so business owners should educate employees on the scam.
“Let them know they are going to get phishing emails and someone will trick them into it,” Douglas said. “No technology solution is going to be perfect, so people have to help close the gap.”
Jeff Eiserman, business risk adviser with Ollis/Akers/Arney, said cyber insurance policies are beginning to include coverage for BEC scam losses.
“All of this is so nuanced, and there’s so many new types of losses, that the insurance industry is trying to figure out a way to adapt and a way to respond,” Eiserman said, noting that some companies and policies offer coverage for such losses and some do not. “The most important thing is the agent you’re working with and if they understand your risk.”
The BBB also recommends requiring multifactor authentication, cyber insurance and internet security training, as well as verifying changes in employee and vendor information. According to the report, the bureau also suggests limiting the number of times that a user can enter incorrect login information.
“Every business today gets attacked. We try to provide a high degree of awareness of these kinds of threats to our clients,” Douglas said. “It’s a never-ending fight to keep users protected.”
At least four groups have filed building permits to start work on East Cherry Street near U.S. Highway 65.
“Every client should be treated as a client for life,” says Lance Garrett, vice president of the Springfield Division of Crossland Construction. From the design phase through replacing worn …
Melanie Upshaw with Phoenix Home Care and Hospice, says we plan important events, but neglect to plan for our health care. Families often struggle to make decisions when a loved one isn’t able. …
Annie Pope, CEO and owner of The Chili Bowl By Cafe 21 says she’s been able to apply lessons learned from her previous restaurant to her current one. Pope says they understood their customer base …
Donald Babb, CEO and executive director of Citizens Memorial Hospital, says marketplace demands are critical to maintaining a health care system. Babb says the community became more involved as the …
Angela Frantz with Ultimate Software, says some employers are skeptical about allowing employees to telecommute. “If they’re not engaging and self regulating and self motivating and making sure …
While divorce can be a difficult and lengthy process, Jillian Wood, managing partner with Stange Law Firm, outlines how a divorce can take three paths with different levels of complexity. Note: …
Megan Short, executive director of Springfield Contractors Association, explains what hints you can glean from the health of the overall economy based on the health of the construction industry. She …
Jamie Jacobsen, owner of Fazoli’s, says small businesses are a lot like families. Their employees and customers are part of the community, so it’s important for them to help out local not for …
SueAnn Hollowell, CEO of Optikal, says using social media is an effective method of reaching customers. She says they connect with social media influencers who then review their products on YouTube. …
Paul Long, vice president with Ollis/Akers/Arney, says a demanding job can take a toll on your family life. When his children were young, he would work early and go back to work late to spend the …