Email Scam Report –
Payroll diversion schemes are one the rise
The FBI’s Internet Crime Complaint Center (IC3) says that Business Email Compromise (BEC) scams are continuing to grow with a 100% increase between May 2018 and July 2019.
Besides the run-of-the-mill scams where fraudsters redirect wire transfers to their own accounts instead of a business partner, IC3 has also recently started to see payroll diversion schemes where payroll is diverted to a third party scammer.
BEC reported loss
Defensive measures against BEC scams
Use secondary channels or two-factor authentication to verify requests for changes in account information.
Ensure the URL in emails is associated with the business it claims to be from.
Be alert to hyperlinks that may contain misspellings of the actual domain name.
Refrain from supplying login credentials or PII in response to any emails.
Monitor their personal financial accounts on a regular basis for irregularities, such as missing deposits.
Keep all software patches on and all systems updated.
Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders address email address appears to match who it is coming from.
Ensure the settings the employees’ computer are enabled to allow full email extensions to be viewed.
In addition, to make sure that their employees will not fall victims to attacks, companies have to implement strict processes to check payment info changes. This includes both face-to-face meetings and/or direct phone calls when any changes to payment information are being detected.
IC3 provides the following guidelines for employees containing both reactive measures and preventative strategies:
If you discover that you are the victim of a scam, you have to immediately get in touch with your financial institution “to request a recall of funds and your employer to report irregularities with payroll deposits.”
The FBI also suggests to “file a complaint regardless of the amount with www.ic3.gov or, for BEC/EAC victims, BEC.IC3.gov.”