Business email fraud is a highly specific and targeted tactic used in phishing emails for monetary gain. Would you rather learn how to spot one, or cost your company thousands? Hopefully, it’s the former, because this blog shares insights into:
- What is business email fraud?
- How to spot it
- 3 steps if you receive a business fraud email
What is business email fraud?
We hinted at it above, but let’s dive into what business fraud is. Business fraud (also known as CEO fraud or business email compromise) is when an attacker posing as a business leader or executive sends an urgent request for an exchange of money with a third party. These requests often correlate to strategic events taking place in their personal or professional lives. Common requests include:
- Pay an unexpected invoice immediately
- Wire a large sum of money to a third party
- Buy 100 Apple gift cards from a specific link
In any case, large amounts of money are lost and cannot be retrieved. Since the monetary value is high, attackers spend time researching targets to create accurate asks that are relevant to operations or correspond to life events.
3 steps if you receive a business fraud email
There are three best practices to follow when you suspect business email compromise.
- Use common sense. If it smells like a fish, it is probably a fish.
- Do not reply or share any information.
- Call the sender directly or start a new email chain to confirm the requested action. It is better to follow up with the individual than to cost the company thousands of dollars.
Remember, the theme of business fraud emails is financial requests. Those in accounting, HR and management should be aware of and educated on business fraud to prevent detrimental attacks. People are the last line of defense. Let’s #BeCyberSmart.