Fraudsters are using the coronavirus pandemic as an opportunity to steal money, and personal information, from businesses.
In the first three months of the year, the Tampa division of the FBI saw about $8 million in losses associated with Business Email Compromise schemes. In comparison, the office saw about $4.5 million in a single week during the COVID-19 pandemic, according to Special Agent Andy Sekela, a supervisory agent in the Tampa office.
A BEC is a scam strategy that targets people who perform legitimate fund transfers as a part of their normal business routine.
A typical BEC scheme sends out emails and the recipient receives it and believes it’s from a legitimate business associate.
“We need to be especially vigilant at this time,” Sekela says.
With more people working from home, some maybe for the first time in their careers, securities can be less stringent than what people have in their places of work. Also factor in fatigue, stress and distraction, the hackers and scammers know people are vulnerable, Sekela says.
“The bad guys are taking advantage of this situation. It’s their job to rip people off,” he says. “It’s a perfect storm.”
In a TBBW Virtual Connect, Robert Hessel, CEO of Source 1 Solutions in Clearwater, agreed.
“It’s an opportunistic time for these folks, so you can be sure that the ramp-up of cyber threats are double, triple, maybe even quadruple of what they were,” Hessel says. “Don’t click links right now. Even if it looks legit.”
According to a press announcement from the FBI, recent examples of BEC attempts include:
- A financial institution received an email, allegedly from the CEO of a company who had previously scheduled a transfer of $1 million, requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address, with only one letter changed.
- A bank customer was emailed by someone claiming to be one of the customer’s clients in China. The client requested that all invoice payments be changed to a different bank because their regular bank accounts were inaccessible due to “Corona Virus audits.” The victim sent several wires to the new bank account for a significant loss before discovering the fraud.
Red flags of BEC scams include:
- Unexplained urgency
- Last-minute changes in wire instructions or recipient account information
- Last-minute changes in established communication platforms or email account addresses
- Communications only in email and refusal to communicate via telephone or online voice or video platforms
- Requests for advanced payment of services when not previously required
- Requests from employees to change direct deposit information
The FBI also recommends the following tips to help protect yourself and your assets:
- Be skeptical of last-minute changes in wiring instructions or recipient account information.
- Verify any changes and Information via the contact on file—do not contact the vendor through the number provided in the email.
- Ensure the URL in emails is associated with the business it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.
“I can’t overemphasize the importance of awareness and vigilance. Know what schemes are out there and know what red flags to look out for,” Sekela says.
If you discover you are the victim of a fraudulent incident, immediately contact your financial institution to request a recall of funds and your employer to report irregularities with payroll deposits. As soon as possible, file a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov or, for BEC and/or email account compromise (EAC) victims, bec.ic3.gov.
Also, Special Agent Sekela says to call your local FBI office to immediately report the scam.
“It makes a huge difference if we find out about these fraudulent transfers in the first 48 hours,” Sekela says.
