Business email compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts – usually an executive – through social engineering (phishing) or computer intrusion techniques to conduct unauthorized transfers of funds.
Problems in Platte County
According to a recent article in the Kansas City Business Journal, the Platte County treasurer’s office lost more than $48,000, thanks to an email scam. Platte County Treasurer Rob Willard received an official-looking email, which appeared to come from county commissioner Rob Schieber. The email included an urgent request to wire transfer $48,220 to a bank in Florida to pay a state tax consultant. Willard exchanged several emails with “Schieber,” but when he texted the real Schieber to inform him the transaction was complete, the commissioner said he never requested the transfer.
AP Automation and Fraud Protection
How can you protect yourself from this scam? Be suspicious of requests for secrecy or pressure to take action quickly. Always verify changes in vendor payment location and confirm requests for transfer of funds before processing payment. The FBI also suggests creating intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
Another way you can protect yourself from B2B fraud is by automating your accounts payable process. With automation, the key is to create a pattern of permission to where no one person has the ability to: