How do I protect myself from email fraud?

At Brex, we care about the security of your information, both within and outside our platform. In this article, we explain how businesses are targeted via Business Email Compromise (BEC), a type of scam in which an attacker targets a business’s email to defraud the company. When BEC is successful, the attacker gains control of the email account and will typically seek to defraud the company or others by impersonating either the company or an employee of the company.

How does BEC happen?

The fraudster poses as someone the recipient would know or trust, typically a boss, coworker, or vendor. The fraudster may ask the recipient to make a wire transfer, divert payroll, change banking information for future payments, provide personally identifiable information, or send wage/tax forms. Fraudsters use a variety of impersonation techniques, such as creating copycat websites that appear to be legitimate but actually belong to attackers. They usually provide some form of an attachment or link for the recipient to click. For some BEC attacks, once the recipient clicks on the item, malware is installed on the recipient’s computer, giving the attacker access to it.

How to protect yourself against BEC

  • Be aware of unusual, out-of-pattern, or urgent requests by trusted employees or vendors. If it doesn’t feel right, it probably isn’t.

  • Avoid clicking on any links or attachments in a suspicious email or text message, especially if it indicates you will be locked out of an account or prevented from using services if you don’t take action.

  • Reach out to the sender via other means such as a phone call or video chat in order to verify whether they actually sent the request. Do not try to verify the email by using any of the contact information contained in the email.

  • Review the email domain and “reply-to” addresses for inconsistencies in the spelling of the sender’s email address or company name. Emails are often spoofed or typo-squatted (also known as URL hijacking), with additional letters like an extra “S”, “O”, or “T” added to company names, invoices, or emails.

  • Set up multi-factor authentication on any account that allows you to do so and avoid using easily identifiable information, such as answers to security questions. Always use unique passwords for each of your accounts, which is easy to accomplish by using a password manager.

  • Purchase and utilize anti-virus software from a reputable software provider.
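
The domain and “reply-to” review described above can be automated for a saved message. The following is an added example, not Brex code; the trusted-domain list, the sample message, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of domains the business really deals with (assumption).
TRUSTED_DOMAINS = {"acme-supplies.example", "payroll-partner.example"}

# Constructed sample: the Reply-To domain carries one extra "s".
SAMPLE = (
    "From: Accounts Payable <billing@acme-supplies.example>\n"
    "Reply-To: billing@acme-suppliess.example\n"
    "Subject: Updated bank details\n\n"
    "Please use the new account for future payments.\n"
)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value) -> str:
    """Lower-cased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def review_headers(raw_message: str) -> list[str]:
    """Return findings for the From / Reply-To consistency and look-alike checks."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Untrusted domains within two edits of a trusted one are likely typo-squats.
    for dom in {from_dom, reply_dom} - {""} - TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(dom, trusted) <= 2:
                findings.append(f"{dom} is a near miss of trusted domain {trusted}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_headers(SAMPLE):
        print(finding)
```

A finding from this check is a reason to verify the request by phone or video chat, not proof of fraud on its own.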

How to report suspicious emails

If you identify a suspicious email that appears to come from Brex, avoid clicking on any of the links or downloading any attachments. Instead, please contact Brex Support.

If you’ve sent funds to a destination you believe may be fraudulent, immediately:

  • Contact your financial institution to report a fraudulent transfer and follow their instructions.

  • Contact your local law enforcement and file a police report.

  • File a complaint with the FBI’s Internet Crime Complaint Center.
