It’s just a normal day in the office as you check your emails and respond to the clients you need to. You see an email pop up in your inbox that appears to be from your boss, asking if you can wire over thousands of dollars for an emergency project. Since wiring money is nothing new, you transfer the money over by following the directions the email provided. You see your boss a few hours later and tell them that you sent the money over for the project. Your boss looks at you funny, then asks, “What are you talking about? I didn’t ask you to send any money.” That’s when your heart sinks, as you realize you just sent thousands of dollars of your business’s money to a scammer. This happens more often than you think, in what are called Business Email Compromise (BEC) phishing scams, formerly known as Man-in-the-Email scams.
How BEC Phishing Scams Work
In BEC phishing scams, scammers send someone an email that appears to come from an official email address at that business. The email looks legitimate and makes a financial request that seems believable. These emails can ask for a number of things or come up with a number of excuses, as long as the scammer ends up with money. Here are some stories and schemes that these scammers come up with that could potentially fool your employees:
Fake Business Invoices
The scammers pretend to be the company that you ordered supplies from and ask for the money that you owe them. They send you a legit-looking invoice for thousands of dollars, and you send them the money thinking it’s legit. A few hours later, you tell your boss what happened and realize you just gave away thousands of dollars to a scammer.
Pretending to Be the CEO
The scammer pretends to be the CEO of your company and asks you to wire money into their personal account. Thinking that it’s actually the CEO, you do what they say. You find out later, after talking to your actual CEO, that it was all a scam.
Hacking the Boss’s or Employees’ Email Account
A hacker gets into your boss’s or another employee’s email account and asks you to wire money over to their department. You do what they say, only to find out after actually talking to them that you just wired a bunch of money to a scammer.
Impersonating Your Attorney
Scammers impersonate your attorney and ask for payment for services they supposedly provided. You provide them with the funds, and they constantly ask for more and more money. You find out after talking to your actual attorney in person that they never asked for money, and you sent your money to a scammer.
Stealing Your Data
A scammer can steal your funds with a data breach, which is when a scammer hacks into your business’s security systems and steals your information. They can then access your financial accounts, employee email accounts, and other personal information to scam your business more easily.
Needing Gift Card Rewards for the Whole Company
A scammer pretends to be your boss and emails you, claiming that they want to send a gift card reward to everyone in the company. They instruct you to purchase gift cards for everyone, then ask you for the codes of each gift card so they can email them out to everyone in the company. You send them the codes, and they use them for themselves, stealing all the company’s money.
Funding an Emergency Work Project
The scammer pretends to be your boss and asks you to wire money to their account for an emergency project. You send the money over, thinking that it’s a legit request and email. A few hours later, after talking to your boss, you realize that you didn’t actually send money to him and sent it to a scammer instead.
Businesses Affected By BEC Phishing Scams
Facebook and Google BEC Phishing Scams
A thief from Lithuania named Evaldas Rimasauskas was caught laundering money halfway around the world from major California companies that we all know and love: Facebook and Google. He was able to steal $122 million from both of these companies by committing major invoice fraud and forging signatures from the companies while pretending to be a hardware manufacturer from Quanta Computer Inc.
Diesel Jeans BEC Phishing Scams
Diesel Jeans declared bankruptcy due to invoice fraud and store thefts. They lost 1.2 million dollars due to bad investments, fraud, and store theft over the last three years, which led to their downfall. They are no longer being sold at the moment due to spoofers stealing their hard-earned money, but they are slowly trying to get back into cheaper department stores.
Barbara Corcoran from Shark Tank
Barbara Corcoran of the beloved television series Shark Tank recently lost $400,000 due to an invoice scam. The person pretended to be her assistant and asked the bookkeeper for a renovation payment. The bookkeeper and Corcoran thought this person was the assistant and they weren’t suspicious whatsoever, so they wired the money to the fake assistant.
Corcoran then emailed her assistant to follow up about something, and realized that her assistant’s actual email address was just one letter off from the one they wired money to; the scammer misspelled the assistant’s email address by one letter. She thought her money was really gone and that she would never see it again. Thankfully, Corcoran’s bank asked the German-based bank that received Barbara’s money to freeze the transfer before it was deposited into the scammer’s bank in China.
How to Avoid BEC Phishing Scams
- Double-check the email address and make sure it’s spelled correctly before sending money.
- Discuss business purchases in person rather than over an email or phone call.
- Change your passwords to your accounts after a certain number of days.
- Don’t click on any random links that you are unfamiliar with.
- Don’t give out your personal information over an email.
- Set up two-factor authentication on your accounts.
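The address check from the first tip, written as code (an added example, not part of the original article): it compares the sender's address with a list of known contacts and flags one that is a letter or two off, as in the Corcoran case. The contact list, the sample From headers and the function names are made up for the illustration.

```python
from email.utils import parseaddr

# Constructed address book: the addresses your business really pays or takes orders from.
KNOWN_CONTACTS = {"assistant@example.com", "ceo@example.com"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap two neighbours) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # neighbouring letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN_CONTACTS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched known address or None)."""
    # Ignore the display name: it is free text and can say anything.
    address = parseaddr(from_header)[1].strip().lower()
    if address in known:
        return ("known", address)
    closest = min(known, key=lambda k: edit_distance(address, k))
    if edit_distance(address, closest) <= max_distance:
        return ("lookalike", closest)  # near miss of a real contact: verify before paying
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From headers for the demonstration.
    for header in ['"Your Assistant" <assistant@example.com>',
                   '"Your Assistant" <asistant@example.com>',
                   '"The CEO" <ceo@exmaple.com>',
                   "billing@vendor.test"]:
        print(header, "->", classify_sender(header))
```

A "lookalike" result is the case to stop on: the address is close to a real contact but is not that contact, so confirm the request in person before sending money.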
Social Catfish is Here to Help with BEC Phishing Scams!
At Social Catfish, we identify those who are suspected of scamming our users. If you feel like you were put in a situation where you’ve been scammed and have a tiny bit of their information, we can help you with our reverse search toolbar. All we need is their name, email address, phone number, social media username, or image to see who it is you’ve really been in contact with about your business.