Business email compromise is one of the most financially damaging online scams for businesses, and it is the top scam we believe you need to be aware of as a professional or business owner. It can target your employees as well as your customers so learning how to identify it and spreading preventative knowledge with your contacts is crucial.

It starts with an email that appears to be from a known source making a legitimate request such as:

• An executive at your company asks you to purchase gift cards to use for employee rewards
• A vendor you use sends an invoice with an updated mailing address
• A government agency claims you owe taxes or need to renew a business license or registration
• A well-known company tells you there’s a problem with your website URL or computer security
• An unexpected password reset comes from one of your company’s accounts

It could also happen to your clients and customers, where they receive a fake invoice, new wire instructions, or other requests from someone pretending to be your business.

How to Protect Your Business

• Train your employees in identifying potential threats and examining unsolicited emails and texts carefully. They are the first line of defense against attempts to defraud your company.
• Call the actual customer or payee using a known number, not included in the new email or text, to verify any changes made to the email address, contact phone number or payment/wire instructions prior to making any changes or sending any money.
• Limit employee access to your business’ financial information and purchasing power to those that know how to keep your assets safe.
• Create an authorization process for making purchases and payments and ensure documentation is kept of all orders and invoices so you can quickly detect bogus transactions.
• Protect company devices, files, and networks. Ensure you have property computer protection and firewalls in place. Encourage employees to use strong passwords that are changed regularly as well as two-factor authentication. Provide individual logins for each employee so you can control access properly.
• Establish procedures for dealing with potential scams. Set guidelines on the types of information that should not be shared and a way to report suspected fraud both inside and outside of the company.

As a Southern First client, our team is dedicated to helping you protect your assets. Don’t hesitate to reach out with any questions and concerns. Remember, the quicker you can report potentially fraudulent activity, the better.