Business Email Compromise (BEC)

A sophisticated scam targeting people and businesses everywhere

What is it?

Business Email Compromise (BEC) is a sophisticated scam using email and/or other electronic communication to impersonate a business executive, employee, or other person with authority to request payments or access to employee payroll and W2 information on behalf of a business.

How does it work?

A BEC scam may begin when a legitimate user downloads malicious software (malware) by clicking on a malicious attachment or link in a spam or phishing email, or acts upon a spoofed email payment request crafted to look like it came from a company executive. For example, a spoofed version of the legitimate address ceo@abc_company.com might appear as ceo@abc-company.com. In cases where malware or malicious links are used, the malware can provide criminals with full control of the user’s computer, including access to passwords, documents, and email. Alternatively, criminals can obtain a user’s email login information if it was stolen previously and sold online. In either case, the criminal’s goal is to assume the identity of the legitimate user and request new payments, change the banking information of pending payments, or request copies of employee records for some alleged payroll purpose. Prior to executing the BEC scam, more sophisticated cyber criminals may even monitor business communications for extended periods of time in order to understand operating procedures and the communication style of the individuals they want to impersonate. While email is most common, sophisticated BEC criminals have also used a fax or phone call to confirm or follow up on an email request to send money.

Who is being targeted?

The BEC threat is highly adaptable and constantly evolving, but criminals have been particularly active in targeting small to large companies and individuals which may transfer high-dollar funds or sensitive records in the course of business. As such, the following industries are popular with criminals utilizing BEC scams:

  • Third Party Payroll
  • Real Estate (Buyers, Sellers, REALTORS®, Title Companies)
  • Legal Services
  • Import/Export
  • Education, Government, and Healthcare Sectors

What are the warning signs?

  • An email request to change established wire transfer, payment procedures, or bank deposit instructions
  • A request that the payment be expedited
  • A requestor who indicates he/she will be out of the office and/or will not be readily available for re-contact
  • A requestor that is seeking sensitive employee payroll or W2 information by email

What can you do?

  • Require a secondary, independent verification of any payment requests or changes to existing beneficiary accounts.
  • Use complicated passwords or long phrases for company and personal email accounts, change passwords regularly, and do not use the same password for multiple accounts.
  • Avoid doing formal business on free web-based email accounts; establish a company domain name and limit formal communications to company email accounts.
    • Additionally, your email software may have a “recent activity” option that allows you to see the most recent locations from which your email account has been accessed. These locations reflect either your physical location or that of your ISP. If you see other locations listed, this may be a red flag that an unauthorized party is accessing your email.
  • Have your IT department create intrusion detection system filters that flag emails with extensions that are similar to company email. For example, a detection system for the legitimate email ceo@abc_company.com would flag a look-alike such as ceo@abc-company.com.
  • Educate employees and IT staff on the latest trends by attending training and conferences, and through other online resources. A company which outsources their payroll and IT should ask those providers to outline the steps they take to protect the integrity of company data and networks.
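
The look-alike filter described in the list above can be sketched as follows. This is an added example, not part of the DOJ/FBI material; the domain list, the character-swap table, the threshold and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the organisation's real sending domain (the page's example).
LEGIT_DOMAINS = {"abc_company.com"}
# Constructed list of character swaps often seen in look-alike domains.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Lowercase, drop separators and fold confusable characters."""
    s = re.sub(r"[-_.]", "", domain.lower())
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify_sender(header_from, legit=LEGIT_DOMAINS, max_dist=1):
    """Return 'legitimate', 'lookalike' or 'external' for a From: value."""
    _, addr = parseaddr(header_from)
    domain = addr.rpartition("@")[2].lower()
    if domain in legit:
        return "legitimate"
    for real in legit:
        a, b = skeleton(domain), skeleton(real)
        # Same skeleton, or one typo away from it, but not the real domain.
        if a == b or edit_distance(a, b) <= max_dist:
            return "lookalike"
    return "external"

# Constructed From: header values for illustration.
SAMPLES = ["ceo@abc_company.com", "CEO <ceo@abc-company.com>",
           "ceo@abc-cornpany.com", "ceo@abc_compamy.com", "billing@example.org"]

def flagged(samples=SAMPLES):
    """Return the header values a filter should hold for review."""
    return [s for s in samples if classify_sender(s) == "lookalike"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify_sender(s):<11} {s}")
```

Messages classified as "lookalike" are candidates for quarantine or a warning banner; the exact-match check runs first so mail from the real domain is never flagged.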

What to do if you are a victim

  • Immediately contact your bank and initiate a recall.
  • Contact your local FBI office.
  • File a detailed complaint at http://www.IC3.gov and review additional resources under the “Press Room” link.
  • Change email passwords and check your email account for any changes to your mailbox rules, such as Mail Forward, Delete, CC, or BCC.
  • Change all e-banking and/or other pertinent passwords, pins, and security questions and answers.

For more information, please visit: http://www.ic3.gov/media.

Materials Courtesy of the Department of Justice and the Federal Bureau of Investigation

Last modified: Friday, December 1, 2017
December 2017
