As updated statistics from the FBI’s Internet Crime Complaint Center show, business email compromise (BEC) schemes are increasingly putting money transfers at risk. Between June 2016 and December 2021, reported exposed dollar losses associated with BEC schemes were over $43 billion.
The FBI has previously warned construction companies about cyber actors impersonating construction companies to conduct BEC schemes.
Now more than ever, construction companies need to put controls in place to recognize and prevent BEC scams and protect their funds transactions.
What is the BEC threat?
A BEC scam targets businesses and individuals making payments by wire transfer. The email account compromise (EAC) component of BEC targets individuals who make payments by wire transfer.
The BEC scam is often carried out when a cyber actor compromises legitimate business email accounts through social engineering or computer intrusion. The result is an unauthorized transfer of funds.
The FBI has observed cyber actors posing as construction companies to conduct BECs to defraud entities with which construction companies are involved in large-scale projects. Cyber actors consult various publicly available sources to collect information about construction companies or entities with which they do business. Armed with information such as project costs, bidder information, and party contact information, cyber actors can create fraudulent messages specific to these relationships.
Cyber actors also register domains deceptively similar to the domain of the legitimate construction company, then use these “spoofed” domains to create email accounts and send fraudulent emails containing a request to update Automated Clearing House (ACH) or direct deposit account information. If the employee receiving the scam email does not recognize the fraud and updates the payment information as requested, new payments will be sent to an account created by the scammer, potentially costing the business thousands to millions of dollars in fraudulent transactions.
Dealing with the BEC threat
Construction companies can take several steps to deal with the threats presented by a BEC scam:
- Verify all payment changes and transactions in person or via a known and established phone number. Continue to ensure that contact details are current and up-to-date.
- Check email addresses carefully for slight changes that can make fraudulent addresses appear legitimate and look like the names of real companies.
- Have strong approval procedures in place to verify account change requests to prevent financial loss.
- Enable security features that block malicious emails, such as anti-phishing and anti-spoofing policies.
- Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.
- Educate customers about BEC threats and your company’s mitigation methods, such as notifying customers of internal processes for changing or updating ACH banking information.
Security is a continuous process
The pace of change in computer technology and communications can be bewildering. However, identifying and understanding payment information risks, and the tools construction companies have to deal with those risks, helps make this ever-changing process more manageable.
Originally published June 13, 2022