BEC Scams Targeting Your Back Reports
Yes, it is another report about hackers tricking businesses out of money, but it’s ultimately positive! You already have the means to beat this scam – your team! Please read and share this with your Accounts Team so they will know exactly what to do if they get targeted. When I read about this scam on https://www.auscert.org.au/, part of me was disgusted, and part of me marveled at how deviously simple this scam is.
Top 12 Scam Email Subject Lines
A recent report that analysed 360,000 BEC emails over three months found that the subject lines below are some of the most common used in emails targeting businesses everywhere.
- Follow up
- Are you available?
- Payment Status
- Invoice Due
- Direct Deposit
Money On The Table
Every business has old debtors (clients who are slow to pay, disputing invoices, gone bankrupt, etc.). Our Accounts teams organise outstanding invoices into Back Reports to help management track what is outstanding, how long it has been overdue and what prospects exist of ever seeing the money again.
Your bookkeeper or Accountant expects to hear from you at some point to request that data. And this expectation is used against you by scammers to steal your money.
A BEC scam (business email compromise) involves someone contacting an employee within your business, via email, to access confidential or financial information. This one works by using your outstanding debtor details.
Every month or so your Accounts team expects a request from you for the latest Back Report. Because it’s a standard request, your employee may give little thought to checking an email hyperlink to make sure the email is really from you, and not someone else.
Think Before You Click, Or Respond To An Email
The request arrives: ‘please send me our current list of outstanding debtors, with their email details.’ No money is requested, just the data. Unless your team is security-aware, it’s an easy job for them to attach or copy and paste the requested information to ‘your’ email and hit ‘send’.
Now the scammer has what they need – names, amounts and email addresses – to message your debtors directly. And this is the deviously simple part. The scammer emails your client, masquerading as you, and offers them a substantial discount if they pay out the debt immediately. Everybody wants to save money, so it’s a no-brainer for your client. They can get ‘you’ off their back and save money!
Initially your client is happy, the scammer is laughing, and you’ve lost all hope of seeing your money. And then there’s a nasty after-shock. Trust between you and your client is broken, with potentially fatal long-term effects on your monthly billings.
One thing can save your business from this scam – and it’s not technical! (Yes, you do need a firewall, anti-virus and email filtering solutions. However, these won’t stop emails sent by scammers using legitimate hyperlinks.)
Educate and keep reminding your team to double-check details BEFORE replying to an email. Check hyperlinks by hovering your mouse cursor over the link to see – and read – the full path. That one step can be all it takes to expose a malicious email.
Ask your Accounts team, or any other employee being requested to email sensitive or confidential information, to take a moment to ring the person making the request. Or open a NEW EMAIL – do not hit ‘reply’ to the initial email – and query the request.
It’s also a good idea to reassure your team you won’t mind them ringing you, even at odd times, to double-check a request. Let them know you’d rather be disturbed in a meeting, or during your holidays, than find out your business has been scammed of money because someone was too frightened to call, or too afraid of looking dumb.
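As an added example (not from the original article or the report it cites), the Python below lists the reasons an incoming message should trigger the phone call described above: a subject line from the list on this page, a request for debtor data, or a mismatch in the sender details. The company domain `example.com`, the `DATA_REQUEST` wording and the Reply-To comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject lines listed on this page, lower-cased for comparison.
BEC_SUBJECTS = {"follow up", "are you available?", "payment status",
                "invoice due", "direct deposit"}
# Assumed wording of a debtor-data request; adjust to your own terminology.
DATA_REQUEST = re.compile(r"outstanding debtors|aged debtors|back report", re.I)

# Constructed sample message (reserved example domains, not real traffic).
SAMPLE = """\
From: "Managing Director" <director@example.com>
Reply-To: director@example-mail.test
To: accounts@example.com
Subject: Payment Status

Please send me our current list of outstanding debtors, with their email details.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def callback_reasons(raw_message, company_domain):
    """List the reasons this message needs a phone call before any reply."""
    msg = message_from_string(raw_message)
    reasons = []
    # Ignore "Re:" / "Fwd:" prefixes so a fake reply chain still matches.
    subject = re.sub(r"^((re|fwd?):\s*)+", "", (msg["Subject"] or "").strip(), flags=re.I)
    if subject.lower() in BEC_SUBJECTS:
        reasons.append("subject line common in BEC emails")
    body = msg.get_payload()  # a list for multipart mail, which is skipped here
    if isinstance(body, str) and DATA_REQUEST.search(body):
        reasons.append("asks for debtor data")
    from_dom = domain(msg["From"])
    if from_dom != company_domain.lower():
        reasons.append("sender domain is not the company domain")
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append("replies go to a different domain than the sender")
    return reasons

if __name__ == "__main__":
    for reason in callback_reasons(SAMPLE, "example.com"):
        print("call to verify:", reason)
```

An empty list does not clear a message: a request sent from a compromised mailbox passes every check here, so the phone call remains the deciding step.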