Better Business Bureau urges people to watch out for business email compromise fraud from scammers impersonating work colleagues
CALIFORNIA – The Better Business Bureau is urging employees to be wary of scammers who may be posing as bosses or coworkers in phony texts and emails.
This type of scam, known as business email compromise (BEC) fraud, targets people who pay bills and transfer money for businesses and government or nonprofit organizations. Scammers typically pretend to be bosses or coworkers, then delegate tasks like sending money, purchasing gift cards or relaying personal information. According to the FBI, BEC scams cause more financial loss than any other type of fraud in the U.S.
BEC scammers typically use illicit open source tools or lead generation services to obtain employees’ email usernames and passwords, along with the names of people within an organization and their job functions. Once they have that information, they send emails or text messages in which they impersonate a boss or coworker with messages that might say something like: “Hi, I’m tied up in a meeting right now but let me know when you get this message.” People who reply to those messages are then asked to perform a quick task, usually involving the transfer of money or information. Money from these scams is often obtained by scammers through “money mules,” people who move illegally acquired money on behalf of someone else.
Phone and internet scams are not uncommon in Tulare County either. In April, the Tulare County Sheriff’s Office posted a video highlighting a rise in scams targeting county residents, particularly those using apps and websites like Craigslist and Facebook Marketplace to conduct in-person sales.
“The sheriff’s office is aware of several types of scams that criminals are using to solicit money, information, and identification from the residents of Tulare County,” Lt. Steve Sanchez said in the video. “A lot of these scams today can appear very legitimate and are well-orchestrated.”
To prevent these scams, the sheriff’s office recommended that people avoid sending or wiring money, giving out personal information, or purchasing gift cards as a form of payment before meeting sellers in person first. When meeting in person, the sheriff’s office recommends doing so in a public place during daytime hours.
Those who believe they’ve spotted a BEC scam should report it to local law enforcement and to BBB’s scam tracker at bbb.org/ScamTracker.
According to a BBB report, the average BEC loss involving gift cards is $1,000 to $2,000, while the average loss involving wire transfers is $35,000. Instances of BEC fraud tripled between 2016 and 2019, generating more than $3 billion in losses during those years and jumping 50% in the first three months of 2019.
In order to avoid BEC scams, the report recommends that businesses use multi-factor authentication for email logins and train all employees in internet safety, as well as encourage them to confirm any requests by phone before transferring money or information. The BBB also recommends that employees watch out for unsolicited messages containing suspicious links, unusual requests and spelling or grammatical errors.
BEC fraud is the biggest source of losses reported to the FBI’s Internet Crime Complaint Center. On Feb. 16, the FBI published a public service announcement warning people of an increase in BEC scams that are carried out through virtual meeting platforms like Zoom.
“Criminals began using virtual meeting platforms to conduct more BEC-related scams due to the rise in remote work because of the COVID-19 pandemic,” the PSA reads.
In these instances, scammers will compromise an employer’s email and hold virtual meetings “where the criminal will insert a still picture of the CEO with no audio, or ‘deep fake’ audio, and claim their video/audio is not properly working.” They will then instruct employees to transfer funds via the meeting platform’s chat function or through email.