Business Email Compromise

Fraudulent email targeting business clients

Business Email Compromise (BEC) is a sophisticated scam targeting businesses, especially those working internationally. The scam emails purport to come from a business principal or executive and direct operational employees to originate payments. The email may be sent from a compromised email account at the business, or its source may be “spoofed” or otherwise obfuscated.

Often the email directs employees to execute the payment immediately, claiming the transaction must be closed by end of business. The email may also direct the employee not to contact the requestor, claiming they are in a meeting and not available.

Protecting your business can be done at little to no cost. Below are suggestions on how to mitigate the threat of business email compromise. We recommend you engage a knowledgeable resource to evaluate and implement controls in your business.

  • Validate any funds transfer requests submitted through email by personally speaking with the requestor outside of email. This can be done in person or via phone.
  • Validate payables by requiring a purchase order number
  • Maintain a list of vendor payment instructions
  • Verify any change to payable instructions directly with the vendor
  • Maintain strong authentication requirements for email
  • Maintain a list of systems and the access employees have to the systems
  • Review employee system access on a regular basis. Ensure access is appropriate. Remove system access for terminated employees promptly.
  • Educate staff about the risks of executing instructions solely from email
  • Leverage dual control of transactions
  • Develop separation of duties policy and procedures for internal operations
  • Set up account and transaction alerts
  • Reconcile account activity daily

The Commerce Bank of Oregon, a division of Zions Bancorporation, N.A. Member FDIC       Equal Housing Lender NMLS# 467014
© 2018 Zions Bancorporation, N.A.