Business Email Compromises Leading to Large Fraud Losses Statewide

Our Cyber Security Team has notified us of a new cybercrime targeting businesses across the state. In the scheme, known as Business Email Compromise (BEC) or Email Account Compromise (EAC), hackers impersonate a known email contact, such as a vendor, a government agency or a company executive to attempt to gain unauthorized information or access to commit fraud. The hacker’s goal is to take over access to email and financial accounts in order to defraud the business of as much money as they can, as quickly as possible.

Recently, several municipalities have been targeted, one falling victim and leading to $2.3 million in fraudulent transfers. In this particular incident, the criminals appear to have used public information to generate lookalike email accounts to carry out a scheme to defraud the town by draining funds.

While email is a necessary tool for business communication, it is susceptible to many threats and it’s important that all employees are trained to identify them. Providing employee training on cybersecurity threats is critical – and identifying and addressing possible areas of weakness in your business, can stop a criminal in their tracks.

The Federal Bureau of Investigation shares these tips for avoiding an email compromise scam at your business:

  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
  • Require strong, complex passwords.
  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and take the conversation off line to verify if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment or click on a link in an email from someone you don’t know, and be wary of email attachments forwarded to you.
  • Set up two-factor or multi-factor authentication on any account that allows it, and never disable it.
  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
  • Be especially wary if the requestor is pressing you to act quickly.

Additional information and resources for business email and cybersecurity can be found at:

If you think you have fallen victim to a scam, please contact us immediately at 603.223.2712 so we can assist with protecting you financial information and accounts.