How to Spot a Business Email Compromise Scam


Business Email Compromise (BEC) scams are a significant threat, where criminals impersonate your boss or coworker to trick you into sending money or sensitive information. These scams are highly lucrative, with the FBI reporting losses of $26 billion annually. Understanding how these scams work and how to identify them is crucial for anyone working in an office environment.

  • Always be wary of emails that create a sense of urgency. Scammers often use emotional manipulation to make you act quickly without thinking. If an email makes you feel stressed or rushed, take a moment to calm down and reassess the situation. Cybersecurity experts emphasize the importance of staying composed and questioning the urgency of such requests. If an email asks you to keep something confidential, be extra cautious, as this is a common tactic used by scammers to isolate you from your colleagues.
  • Confirm the legitimacy of the request through a different communication channel. If you receive an urgent email, don’t rely on the contact information provided in the email itself, as it could be fake. Instead, use a phone number or contact method you know is legitimate to verify the request. This could involve calling the person directly, using a secure messaging platform like Slack or Microsoft Teams, or even speaking to them in person if possible. It’s better to take a few extra minutes to confirm than to risk falling for a scam.
  • Check the email address carefully. Scammers often use email addresses that look similar to legitimate ones, hoping you won’t notice the difference. Always verify that the email address matches the company’s domain and look for subtle discrepancies. Additionally, check the email signature and any links provided to ensure they are consistent with the sender’s usual communication style. If something seems off, it’s worth investigating further.
  • Follow your company’s established protocols for financial transactions and sensitive information. Many scams can be avoided by adhering to proper procedures. For example, requests for large purchases or changes to financial information should go through official channels and require multiple approvals. If an email asks you to bypass these processes, be skeptical. A legitimate request will follow the company’s standard procedures and leave a clear paper trail.
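
The sender-address and urgency checks above can also be automated as a first-pass mail filter. The sketch below is an added example, not part of the original article: `COMPANY_DOMAIN`, the phrase list, and the sample messages are constructed assumptions, and it handles only plain-text, single-part messages.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: placeholder for your real domain
# Assumption: constructed phrases standing in for urgency/secrecy wording.
PRESSURE_TERMS = ("urgent", "immediately", "right away", "confidential")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return warning flags for one plain-text, single-part message."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    flags = []
    if domain != COMPANY_DOMAIN:
        # One or two edits away from the real domain is a near miss.
        near = edit_distance(domain, COMPANY_DOMAIN) <= 2
        flags.append("lookalike-domain" if near else "external-sender")
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    if any(term in text for term in PRESSURE_TERMS):
        flags.append("pressure-language")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_LOOKALIKE = ('From: "Pat Boss" <pat@examp1e.com>\nSubject: Urgent wire transfer\n\n'
                    "Keep this confidential and send the payment immediately.\n")
SAMPLE_LEGIT = ("From: Pat Boss <pat@example.com>\nSubject: Lunch on Friday\n\n"
                "Team lunch is at noon.\n")
SAMPLE_EXTERNAL = ("From: billing@supplier.example\nSubject: Invoice attached\n\n"
                   "The March invoice is attached.\n")

if __name__ == "__main__":
    for raw in (SAMPLE_LOOKALIKE, SAMPLE_LEGIT, SAMPLE_EXTERNAL):
        print(bec_flags(raw))
```

A flag here is a prompt to verify the request through a separate channel, not a verdict on the message.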

Leaders within organizations should foster a culture of open communication. If employees feel comfortable discussing suspicious emails and verifying requests, the company is less likely to fall victim to scams. Leaders should avoid creating an environment where urgent, confidential requests are the norm, as this can make it easier for scammers to exploit employees. Encouraging transparency and regular communication can help build a stronger, more resilient organization.

Original article courtesy of wired.com
