Online business bank account: the fraud of the Business Email Compromise

Online business bank account: the fraud of the Business Email Compromise

Hundreds of Italian entrepreneurs, since the beginning of 2018, have found some nasty surprises on their online business bank accounts. It’s a kind of hacker attack called Business Emails Compromise (Bec), the cyber fraud that has caused damage of one million euros.

What does it consist of exactly?

The hackers are able to intercept the telematic communications of the companies modifying the invoices and replacing the real iban with the fictitious one chosen by the cheater. Also known as the “CEO fraud“, because it tricks managers or employees of companies into making a transfer to a bank account. This mechanism is not easy to discover because fraudulent messages do not contain suspicious links and are sent from legitimate email accounts with tailored contents for each recipient. It is therefore not the usual mechanism of phishing (sending emails that imitate those of banks and requiring the inclusion of the bank details) against which several defense strategies have already been implemented, including softwares created specifically for this kind of scam. The BEC is a more insidious mechanism, it’s so complex that it has already claimed many victims among those who have made payments above 1,000 euros to large companies, especially those operating in the construction field.

How to defend yourself against this kind of scam? The password is always “prudence”

In particular we recommend you to:

  • do not rush to make wire transfers but contact the applicant first;
  • do not reply directly to the email but contact the sender using the e-mail address and the phone number in the address book;
  • obtain an email protection system in order to block any attacks that may lead to a scam BE;
  • often check your online business bank account, constantly monitoring the list of movements;
  • pay particular attention to the emails coming from the CEO: if an email from this account contains a particular or unusual request, it would be better to verify the identity of the sender;
  • appropriately educate users by introducing a training program to be repeated periodically to teach how to identify a BEC attack.

    If you are interested in receiving information about opening a secure and reliable online business bank account, contact our experts.