You receive an email from your CEO requesting an immediate transfer of funds to an account. Because this is unusual, do you call your CEO to check that she’s made this request herself, or do you simply follow orders?
Making sure could save your company from losing thousands of dollars.
These suspicious emails are part of business email compromise (BEC) schemes, where fraudsters use different email techniques to communicate with victims. Crooks often pose as staff with the power to request money transfers, causing companies to issue payments that should have never been authorized.
“There’s almost no limit to the type of businesses that are affected,” said Daniel Leeper, supervisory special agent at the FBI. “The schemes have become so prevalent we’re seeing it cross all types of industries.”
Leeper’s presentation next week at the Columbus Accounting Show will reveal BEC schemes, the internal controls companies can take to prevent them and what to do if you’ve become a victim.
These emails go beyond your typical “Nigerian king” scams. Those are easy to spot because of terrible grammar or spelling or a suspicious email address. The bad guys today have become a lot more sophisticated in how they communicate with potential victims.
“If they can hack or compromise the email of an accountant at a particular business, they’ll take the time to read through the accountant’s emails to get an understanding of not only the types of transactions he’s involved in, but also how he signs his name or use certain phrases,” Leeper said.
Human nature tends toward avoiding conflict, so a person’s first reaction won’t always be to question the boss on a given task, even if it seems out of the ordinary. He warned that ignoring these red flags can mean trouble, explaining that many schemes could be avoided by a quick phone call to verify the source.
Leeper said the FBI sees businesses lose anywhere from $250,000 to more than a million dollars during these schemes. Sometimes businesses don’t realize they’ve become victims until weeks or months after it’s happened, making it very difficult to retrieve any of the stolen money.
He encouraged CPAs to go to the Internet Crime Center to file complaints if they’ve become victims or been targeted, which helps the FBI track possible links between different schemes.
“What we’re really trying to do is educate folks. These are not very easy to spot,” Leeper said. “Be aware of the sophistication of the subjects and be vigilant about scrutinizing certain types of transactions to avoid exposure to loss.”