Mobile Menu Locations Contact

The Latest from Columbia


Recent Fraud Trends: Business Email Compromise

by Karlie Watts | Jul 22, 2019

As your community partner and your bank, we feel it is important to share fraud trends as they occur and provide resources and information to help you avoid fraudulent attacks. Recently, we’ve noticed an uptick in trends associated with Business Email Compromise (BEC) or spoofed emails purporting to be from a trusted source with which you are familiar. While these fraud trends originally included wire transfer requests, we have observed a more current trend associated with the “Direct Deposit Scam,” targeting Payroll and Human Resources departments within an organization. Read on for detailed information about these types of attacks, and tips on how to identify and avoid falling for these attacks.

Types of Business Email Compromise
The BEC scam often starts with phishing emails sent by fraudsters that are designed to capture the login credentials of the business' CEO, CFO, and/or personnel in Payroll or Human Resources. When successful, the fraudsters begin performing reconnaissance by reviewing how the email account owner communicates, with whom they communicate, and who has the authority to move money within the business. Armed with this information, they will attempt to create trust in future communications by performing one or all of the following actions:

  • Create a spoofed email account that is a slight variation of the actual email account compromised.
  • Create a spoofed email account of persons with whom the compromised email account holder communicates.
  • Send emails from the compromised account to unsuspecting recipients.

Direct Deposit Scam
With the Direct Deposit Scam, the fraudsters will use information obtained to understand procedures associated with making changes to the target bank account associated with employee payroll direct deposits. Next, an email is sent to the person(s) with authority to make this change, typically Payroll or Human Resources personnel, with a new bank account and routing numbers that the fraudster controls. Once changes are made to payroll files and originated through the bank, the fraudsters have successfully stolen the money. Most employees will notice the missing payroll and report it, albeit too late for the bank to recover the funds for the business.

Fraudulent Invoice Scam
With this type of scam, the fraudster will send an email request for an invoice to be paid via wire, ACH, cashier’s check, etc. In some instances, they will ask for existing invoices to be paid to a different bank or account number, citing changes that they have made. In other instances, they will pay an invoice with a check greater than the requested amount and ask for the difference to be sent to them.

Stay Safe
To avoid becoming victimized by these scams, you should consider the following tips:

  • Call or meet with the originator in person to verify the request prior to processing a transaction.
    • Always call a number on file as opposed to one supplied in the email.
  • Avoid replying directly to any suspicious email so the criminal does not know your email address is valid and target it in the future.
  • Communicate details of any attempted or potential fraud with all of your employees so they can remain vigilant.

If you do become a victim of a scam, make sure you do the following:

  • Contact your financial institution and report the incident as soon as possible.
  • File a report with the FBI’s Internet Crime Complaint Center.

We are here to help keep you and your information safe. Whether we are providing tips on how to stay safe, sharing the most current fraud trends or monitoring your accounts for potentially fraudulent activity, you can rest assured that we work around the clock to protect your information from fraudulent activity.

 

Share:

connect nearby or online

Click to Share Your Location

We'll find a branch near you. You can also visit the locations page or contact us.

Enter a zip code to find the
nearest branch
submit

Connect with CB

Consider This

May we interest you in...



Follow Columbia Bank