You receive an email from a customer asking you to complete a Request for Proposal (RFP), or view a secure document. The request came from someone you’ve dealt with before, but you weren’t expecting this request. The sender looks right, and your email filter didn’t block it, but who is in control of the sender’s account?
Business email compromise (BEC) is becoming a prevalent tool for scammers. Falling victim to this form of fraud is both easy and potentially costly. Here’s what you should look for, and what to do next.
Signs of Business Email Compromise:
- The sender is trying to create urgency
- The sender is trying to get you to circumvent protocol
- There is threatening language in the email
- The sender is asking you to wire money or change payment details
- The sender is asking you to purchase gift cards or bitcoin
- There an attachment that you don’t typically receive – such as an invoice
- The grammar and tone are not consistent with the sender
What To Do (And What Not To Do):
- Do not respond via email
- Do not open any attachments or click any links
- Do not complete the request
- Reach out to the sender by phone to see if the request is legitimate
- Always verbally confirm any email instructions to change payment methods/destinations