Preventing this insidious email forwarding scam that will drain your bank account

With our lives so intertwined with digital communication these days, the threat of email fraud is something we all need to take seriously. Recently, Teresa W. shared a scary experience that underscores the dangers of business email compromise (BEC).

"I almost lost many thousands of dollars through an internet fraud scam. I got a call from our personal banker who said she saw nearly all the money in our business account being withdrawn. She said she got an email from me along with the money wiring directions. I told her I didn't send that and she said my email came from me directly to her. I said to stop everything and I will get to the bottom of it.

"Apparently the thieves got hold of a wiring instruction paper from my email, which they hacked into. They created a rule in Outlook to bypass me if anything came from them and go straight to the banker. They changed the wiring instructions to go into their account but thank goodness our banker alerted me so I could get to the bottom of it. Too close for comfort!"

This incident highlights a sophisticated scam where cybercriminals gain access to legitimate email accounts and use them to deceive others into transferring funds. Teresa's quick action, combined with her banker's vigilance, prevented a significant financial loss, but it serves as a wake-up call for many businesses.

Business email compromise (BEC) is a form of cybercrime that targets companies engaged in wire transfer payments and other financial transactions. The FBI reports that BEC scams have caused billions in losses globally. These scams exploit human psychology rather than technical vulnerabilities, making them particularly insidious.

Email rule creation: Once inside the account, scammers can create rules in email clients like Outlook that redirect or hide specific emails. This means that any communication related to fraudulent activities may go unnoticed by the victim.

Impersonation: The scammer impersonates the victim and sends emails to contacts, such as banks or vendors, requesting urgent wire transfers or sensitive information.

Execution: The scammer provides convincing details and urgency in their requests, making it appear as though the email is genuinely from the victim. They may use specific language or references only known to the victim and their contacts.

The consequences of BEC scams can be devastating for businesses. In addition to direct financial losses, companies may face reputational damage, loss of customer trust and potential legal ramifications. For small businesses like Teresa's, which may not have extensive cybersecurity measures in place, the impact can be particularly severe.

To combat BEC and similar scams, businesses must adopt a proactive approach to cybersecurity.

Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

5) Invest in personal data removal services: Using a data removal service can be an effective additional step to protect your personal information after a potential BEC scam. These services locate and remove your information from various online platforms, databases and data brokers. By eliminating unnecessary or outdated information, data removal services minimize your online presence, making it harder for scammers to find and exploit your data.

6) Regularly update security questions: Change security questions and answers periodically to enhance protection.

7) Regularly review email rules: Check for unauthorized changes in email settings that could indicate compromise.

8) Disable auto-forwarding: Unless absolutely necessary, turn off auto-forwarding features to prevent sensitive information from being sent elsewhere without your knowledge.

9) Verify requests: Always verify any financial requests through a secondary communication method (e.g., a phone call) before proceeding with transactions.

10) Limit access: Restrict access to financial information and transactions only to those who need it within your organization.

11) Contact professionals: If you're unsure about any steps or if the situation seems severe, consider reaching out to a professional IT service.

In addition to creating throwaway email accounts for online sign-ups and other circumstances where you would not want to disclose your primary email address, alias email addresses are helpful for handling and organizing incoming communications.

The story shared by Teresa W. serves as a crucial reminder of the vulnerabilities inherent in our digital communications. The rise of BEC scams not only threatens financial security but also erodes trust in electronic transactions. By implementing robust security measures and maintaining vigilance at all levels of an organization, individuals and businesses can protect themselves from these insidious attacks.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.