In late 2022, Dakotaland lending staff observed another outbreak of Business Email Compromise Scams that attempted to defraud our members of hundreds of thousands of dollars. Thankfully, no member or credit union funds were lost! Due to the ease with which the fraud can be executed, this blog post is to make our members aware of Business Email Compromise Scams and how they can be avoided.
Business Email Compromise Scams began to appear in the mid-2010s. They are now the largest form of internet fraud causing annual losses in the billions of dollars. Business Email Compromise Scams most often target law firms, title companies, equipment or vehicle purchase transactions and large business-vendor payment transactions. However, these scams can target large consumer-purpose transactions as well!
In general, Business Email Compromise Scams look to fraudulently intercept or redirect large electronic fund transfers (wire or ACH). The scammers exploit business correspondence by gaining access to email accounts through spoofing, phishing, spear phishing, and malware. Scammers patiently observe business-vendor correspondence, payment data, billing information and forward this out of the compromised email account to build a profile on their potential victim. Scammers then monitor the compromised account and wait for legitimate transactions or payment requests to be received. Scammers complete the fraud by redirecting payments to their own accounts.
There are many red flags that can indicate that a business email compromise scam is underway:
· Deals that are too good to be true – vehicles or equipment being sold far below market price.
· Email correspondence chains interrupted by emails forwarded out to a new email address.
· Email addresses, signature blocks, and other features of an email chain that are incomplete, inaccurate or change suddenly.
· Wire/ACH payment information that does not align with the transaction purpose or seller information.
· Payment instructions that change late in the transaction and with urgency
Dakotaland members are often reluctant to believe they are being defrauded. If you have doubts about the legitimacy of a transaction, please ask credit union staff for assistance. The best method to avoid these scams is to verify payment instructions with direct phone contact using publicly available information obtained outside of email correspondence with those requesting payment.
If you believe you have been the victim of a business email compromise scam, please notify federal law enforcement at ic3.gov.
For additional information, please visit the FBI website at: https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise