
8 Ways That Fraud Emails Can Compromise Your Back Office

Category: Payments Automation
Updated: 2021-12-16
Author: Angela Anastasakis

If there’s one thing payment companies of any caliber are familiar with watching out for, it’s Business Email Compromise—also known as BECs.

Business Email Compromise occurs when a fraudulent party gains access to a company’s systems and email. If they’re successful, they gather information on the company and its suppliers, including payment cadences. They masquerade as legitimate businesses to change contact and banking information, ultimately re-routing funds to their own accounts.

It’s a subtle process that preys on a person’s willingness to give others the benefit of the doubt. With businesses simultaneously facing other, more direct attacks, BECs can be difficult to detect and nearly impossible to reverse.

Fraudsters specialize in writing convincing emails. With accounts payable folks moving fast and trying to maintain good supplier relationships, it’s easy to fall for one of these schemes. But if you slow down and scrutinize these requests, there are often tells that can alert you to whether the sender is legitimate.

Here are some of the most common techniques that fraudsters take advantage of:

  1. Email address anomalies.

    Take a good look at the email address of incoming requests. There are all kinds of ways to spoof an email address, and you may find minuscule changes compared to the email you already have on record. For example, the email might vary by a single character. It might be the same address but end in something other than “.com.” Slow down and look carefully, and you’ll eradicate a good portion of potentially fraudulent requests.

  2. The fake cc.

    Fraudsters will sometimes cobble together a convincing email string by cc’ing other parties—a fake approver, manager, etc.—using real names they’ve gathered, along with spoofed email addresses. They may even mention that they’ve copied someone to try to demonstrate authenticity. Inspect email addresses of cc’d parties just as carefully as the sender’s email.

  3. Odd voice or tone.

    Many of these attacks originate offshore and are written by people who are not native English speakers. If you’re dealing with a US supplier, even slight errors in vocabulary, spelling, grammar, or sentence construction may be red flags. That’s not to say every legitimate person you interact with will have immaculate grammar, so pay attention to tone as well. If it’s a supplier you work with frequently, check for subtle changes from your normal communication with the supplier. If something feels off, pick up the phone and call the number on their website before communicating further by email.

  4. Wrong vernacular.

    Vernacular is often very localized, and it is another good way to spot a potential issue. For example, in the U.S., “check” is spelled just so. If a U.S. supplier uses the British English “cheque,” it’s worth looking closer at the request before moving forward.

  5. Urgency.

    These requests are usually urgent. They will tell you they need to have their bank account information changed immediately. There are all kinds of rationales—bank accounts closing or overdue payments—and they typically put a lot of pressure on you to help them out by getting it done right away. It’s another way fraudsters play into our desires to help one another. Take a moment to slow down. If you truly believe the business is in dire straits, call them to discuss further.

  6. Erroneous invoice numbers.

    Since all payments are associated with an invoice number, fraudsters often include numbers in their emails to make the request look more legitimate. The numbers may be from older payments, guessed from past invoice patterns, or even made up. You should always make sure the invoice numbers match other payment information. If the number is outdated, not mapping to the right customer, or otherwise incorrect, it’s best to look into the matter before providing further information to the email sender.

  7. Incorrect amount.

    A real supplier is going to know the invoice number and the exact amount of payment. A counterfeit supplier may be guessing numbers from payment patterns they’ve identified—or misidentified.

  8. Doctored checks.

    When suppliers provide a voided check with their update request, it should be scrutinized. Some may be more obviously doctored, but others are quite convincing. Take a good hard look at the MICR line, supplier logo, address, and even the bank, to identify discrepancies.
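The address checks in items 1 and 2 can be partly automated. The Python sketch below is an added example, not part of the original article: it compares the From and Cc addresses of an incoming message against supplier contacts already on file and flags addresses that differ by one character or only in the domain ending. The on-file list, the addresses and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
# Constructed data: supplier contacts on file and a suspicious message.
ON_FILE = ("ap@acme-supply.com", "j.doe@acme-supply.com")
SAMPLE = """\
From: "Acme Supply AP" <ap@acme-supp1y.com>
Cc: "Jane Doe" <j.doe@acme-supply.co>, ap@acme-supply.com
Subject: Urgent: updated bank details

Please update our account today.
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(addr, on_file=ON_FILE):
    """Return 'match', a 'lookalike of ...' reason, or 'unknown'."""
    addr = addr.lower()
    if addr in on_file:
        return "match"
    local, _, domain = addr.rpartition("@")
    for known in on_file:
        k_local, _, k_domain = known.rpartition("@")
        # Same mailbox and domain name, different ending (.com vs .co, .net).
        if local == k_local and domain.rsplit(".", 1)[0] == k_domain.rsplit(".", 1)[0]:
            return f"lookalike of {known}: different TLD"
        if edit_distance(addr, known) <= 1:
            return f"lookalike of {known}: differs by one character"
    return "unknown"

def review(raw_message, on_file=ON_FILE):
    """Classify every From and Cc address in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = {}
    for header in ("From", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            findings[addr.lower()] = classify(addr, on_file)
    return findings

if __name__ == "__main__":
    for address, verdict in review(SAMPLE).items():
        print(f"{address}: {verdict}")
```

A "match" only means the address string equals the one on file; a banking change request still needs the phone verification described in this article.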

If you know you will be handling updates to supplier information, it’s prudent to have technology in place to prevent your systems from being breached. Never take action on banking change requests without performing several verification steps, including calling the supplier at the phone number already on file to confirm the update with them. However, a sense of urgency combined with a convincing story can sometimes get people to forgo their usual validation steps and release funds to fraudsters. By the time you realize what’s happened, it can be difficult to get your money back. That’s what fraudsters are counting on.

A banking change request should always put your accounts payable team on high alert. Such requests are often legitimate, but never let your guard down. New fraud schemes are emerging all the time, so even if you can’t quite put your finger on what’s wrong, pay attention to your gut feeling. When in doubt, double or triple check the request and compare their information to what you already have on file. Send the email in question to your security team to review—they often have more experience looking for signs of a spoofed message. Pick up the phone and call the supplier. Tell them you understand the urgency, but you need to follow process and protocol for everyone’s protection. At the end of the day, a legitimate supplier will thank you for protecting their business and yours.


Angela Anastasakis

Angela Anastasakis has more than 30 years of leadership experience in operations and product support. Angela has been instrumental in leading Operations through rapid growth, while maintaining support satisfaction ratings through outstanding service.