Business Email Compromise Can Cost you your business
If you had to receive an email from one of your trusted suppliers right now asking you to change the bank account you use when processing their invoices, you might be tempted to make the changes as a matter of course.
That’s exactly what happened to the popular nonprofit newspaper The Big Issue recently as business email compromise (BEC) ended up costing them R600 000 and almost led to their closure.
Online fraudsters take money from the homeless
The Big Issue is a household name across South Africa, and is often sold at robots and in other public places by merchants from the homeless community.
The newspaper provides employment for some of the country’s most vulnerable people, and has survived for many decades on the basis of charitable sentiment from the general public. Unfortunately, that wasn’t enough to prevent fraudsters from targeting the newspaper in a recent business email compromise scam.
Here’s what happened
- The paper’s publisher received an email, supposedly from its printers, requesting that all future payments be sent to a new bank account.
- In case there was any question about the “legitimacy” of the request, a bank account certificate from FNB complete with reference numbers was attached to the email.
- Acting in good faith, the editor went ahead and processed the request and by the time the printers and the newspaper had realised what had happened, over R600 000 had been transferred to a fraudster’s bank account which has subsequently been drained.
The Big Issue is now battling to survive and is requesting emergency help from the public in the way of donations or a subscription to the magazine. Sadly, many other businesses across the country are falling prey to similar scams.
To avoid becoming the next victim of business email compromise, you’ll need to be extra vigilant – both when you receive business email or if you get a query from a client referring to an email that they say you’ve sent but clearly isn’t from you.
How to avoid business email compromise scams
- Use multiple factor authentication. This will ensure that only authorised users can access your company email.
- Check email domains carefully. An email isn’t legitimate just because it claims to be from a company or individual. Verify that the domain is correct and compare it to previous mails you’ve received in the past.
- Don’t take action until you’ve verified the request. A follow up phone call or in person meeting can give you 100% certainty that the email request is valid.
- Invest in fraud insurance. Knowing that you’re covered financially will be a great relief in the current climate of cybercrime.
- Secure your data. A firewall, data access management, and secure cloud storage are all ways to make your email and other information harder to compromise.
Soteria’s range of secure cloud storage solutions with advanced encryption are the ideal choice for businesses facing the risk of cyberattacks and online fraud. Get started on your journey to data security with us today.