At ADCB, we take your financial security as seriously as you do. It is our promise to help you always protect yourself.
We’ve put together some important information we want to share with you regarding a method of email fraud known as Business Email Compromise (BEC), which is gaining popularity and causing substantial losses to commercial enterprises.
What is Business Email Compromise?
- Business Email Compromise is when a fraudster infiltrates company communications and manipulates employees into making payments to a bank account under the fraudster’s control
- The impostors carefully study their targets to gain information about the company’s employees either by way of phishing or by directly hacking the company computer network or email infrastructure
- The impostor may gain direct access to company email accounts or create an email address that looks very similar to one belonging to a company executive such as the CEO or CFO, e.g., chiefexecutive@mycompany.com vs chiefexecutive@mycompnay.com. The difference in the fake email address will be very subtle and easy to overlook
- The fraudster then sends an email either originating or appearing to originate from the company executive to the finance department, instructing them to make payment to a specific beneficiary. Employees may be reluctant to approach senior executives to verify these payments and fall prey to the scam.
How do I identify a fraudulent email?
- Unusual email requests from company executives
- Payment instructions sent via email or that do not follow normal company protocol
- Payment requests marked as ‘urgent’
- Requests to keep the payment confidential
- Emails containing spelling mistakes and poor grammar
- Requests to change creditor bank account details
How do I protect my business?
- Ensure that your staff are made aware of how BEC is perpetrated
- Configure your email system to display a notification for all emails originating from outside your organisation
- Verify all suspicious or unusual payment instructions with the initiator using a different communication channel. Don’t simply reply to the email requesting the payment as you may be responding to the fraudster
- Carefully check the spelling of email addresses
- Keep anti-virus, firewall and malware protection up to date
- Contact your suppliers and business partners using known or public directory details to verify all requests to change bank account details
- Enable spam filters and anti-spoofing controls, and block access to suspicious websites
- Don't click on any email attachments or web-links sent to you by unknown entities
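
The address-spelling check and the external-sender notification from the list above can be automated at the mail gateway. The Python below is an added example, not ADCB's code: the trusted domain comes from the example addresses on this page, and the function names, banner wording and two-edit threshold are assumptions.

```python
from email.utils import parseaddr

# Assumption: the organisation's own mail domain(s), taken from the page's example.
TRUSTED_DOMAINS = {"mycompany.com"}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "an" typed as "na"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return 'internal', 'lookalike', 'external' or 'invalid' for a From value.
    'internal' only means the domain string matches; a matching From header can
    still be spoofed, so sender authentication (SPF/DKIM/DMARC) is still needed."""
    _, addr = parseaddr(from_header)          # strips any display name
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "invalid"
    if domain in trusted:
        return "internal"
    if any(osa_distance(domain, good) <= max_edits for good in trusted):
        return "lookalike"
    return "external"

def banner(from_header):
    """Notification text to show above the message; empty for internal mail."""
    verdict = classify_sender(from_header)
    if verdict == "internal":
        return ""
    if verdict == "lookalike":
        return "[WARNING: sender domain closely resembles our own]"
    return "[EXTERNAL SENDER]"

if __name__ == "__main__":
    # Constructed sample senders, including the pair shown on this page.
    for sender in ("chiefexecutive@mycompany.com", "chiefexecutive@mycompnay.com",
                   "CEO <chiefexecutive@mycornpany.com>", "billing@example.org"):
        print(f"{sender:40} {classify_sender(sender):10} {banner(sender)}")
```
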
General Security Precautions
- Avoid simple passwords or PINs such as your date of birth, and change your passwords periodically
- Shield your PIN from third-party observers when using an ATM or Point of Sale device
- Ensure that your cheque book is kept in a secure location
- The Bank will not be held responsible for losses incurred where customers have divulged confidential bank passwords and Personal Identification Numbers (PINs) to third parties.