BEC is a scheme in which criminals deceive and trick individuals into transferring funds via wire. This is a preferred methodology because wire transfers can be used to move large amounts of money between financial institutions very quickly. The speed of these transfers makes it an attractive internal control weakness to exploit in order to steal large sums in a single transaction. There are a variety of schemes and methods criminals utilize to victimize people and companies, such as a Spoofed Email Account or Website, Spear phishing emails, and Malware.
If you are a victim of a BEC, you should immediately do the following as TIME IS OF THE ESSENCE:
- Contact your Financial Institution and instruct them to send a recall request.
- File a complaint with the FBI Internet Crime Complaint Center (IC3) online at www.ic3.gov.
- Soon after submission, contact your local FBI Office and follow up with the online complaint you made. You can reference your IC3 submission and provide them a copy for ease of reference.
To protect against these email attacks, strongly consider the following measures to secure your electronic communications:
- Be careful with what information you share online or on social media. By openly sharing personal information like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
- Never click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. Do not call the number in the email, but rather the known vetted number of the company/contact. You should verify any change in account number or payment procedures with the person making the request. You must be certain before wiring funds.
- Be especially wary if the requestor is pressing you to act quickly or the language appears to be a little different or nuanced.
You can contact us for additional steps that could possibly be taken to mitigate the loss and future damages.