Blog

Identity Verification – Key to Eliminate BEC Fraud

James Efron
October 10, 2019
7 minutes read
3268

Fraud prevention and cybersecurity are the major concerns of the companies in the digital era. Norton predicted that cybercriminals will steal an estimated 33 billion records in 2023. And misuse of such information is a common practice. Fraud comes unannounced so the businesses need to adopt a proactive approach towards such events. Fraud prevention is a continuous process. For example, if you perform KYC and AML screening before onboarding your customers and do not practice it at the time of every transaction you are leaving a loophole for a Business Email Compromise (BEC) fraud.

BEC fraud, also called CEO fraud is very common because most of the communication is online. The criminals do a lot of research before targeting an entity for BEC fraud. In this fraud, the criminals will send an email or make a call for urgent fund transfer to a company impersonating as one of their customers or merchants

BEC fraud is executed in a very friendly way. The criminals either manipulate the person with a friendly chat or by showing urgency in fulfillment of their fund transfer request.

For example, 50 years old Evaldas Rimasauskas tricked Google and Facebook to wire more than $100 million to his bank accounts.

The man researched a merchant of Facebook and Google namely, “Quanta Computer” and registered a firm with a similar name. Then he sent fake invoices and contracts to make the fraud appear more natural.

He tricked the employees of both companies into wiring money to his bank accounts in Latvia and Cyprus. Then he transferred the funds to his bank accounts in Hong Kong, Hungary, Cyprus, Slovakia, Latvia, and Lithuania to hide the money trail.

How is a BEC Fraud Executed?

A BEC fraud starts with a lot of research about entities (businesses that could be the soft targets for the fraud. The criminals collect information related to the merchants or customers of the company that has their payments pending. Once they have the information the criminals will make an email ID quite similar to that of your client’s email ID and contacts one of your employees. At times the criminals use the legitimate email ID of your customers because one of your customers might have been careless about securing their email credentials.

This fraud could also be executed the other way round. The criminals might use your email credentials to contact your merchants and clients for fund transfer of pending payments. Your clients will make the payments and you will have to bear a financial loss if your legit email credentials are used for the execution of the fraud.

The contact is mostly conducted through a casual email like asking about your last vacation or your health. Once they break the ice, they will send a friendly email regarding the change of their account details or for an urgent fund transfer.

Not suspecting anything suspicious the employees often fulfill the request, quickly due to the urgency created by the criminal.

Often the criminals send fake invoices as well with the official header or logo of one of your clients. Or they make calls impersonating as the CEO of your client company to make things look more natural.

Also, in most of the email compromise frauds, the criminals ask for a wire transfer and leverage over the confidence that companies have in security protocols practiced in wire transfer fraud.

Industries That Are Common Victims of BEC Fraud

Banks

Banks are the most common targets of BEC fraud as they are the financial intermediaries and serve a diverse clientele. Banks around the globe are struggling to retain their customers after the advent of fintech and are always in contact with their clients. Receiving wire transfer requests from customers is common for banks. When they receive any such email for urgent transfer from a credible client the employee often tries to fulfill the request at the earliest to retain happy customers.

Real estate

Real estate is also a common victim. The criminals collect information regarding some ongoing real estate deals and contact the buyer as the legal representative of the seller and request a fast payment or clearance of dues.

As the deal is in the closing phase the buyer does not suspect anything suspicious and makes the transaction.

B2B Businesses

In this case, the criminals target the companies in a B2B relationship. The email ID of the CEO or legal representative of one of the companies is exploited in such cases. The criminals collect complete information regarding the previous email communication among the two companies and use it to send an email with a natural casual tone.

How to Prevent BEC Fraud?

BEC fraud has caused huge losses to many businesses of all sizes and types, even the non-profit organizations have been the victims of this fraud. FBI’s Internet Crime Report (ICR) found that BEC fraud losses rose by 90.3% in 2018 and fraud complaints rose by 14.3%.

Businesses of all types and sizes need to pay heed towards the prevention of BEC fraud. It not only cause financial loss but also affects the credibility of a company. Below are a few suggestions for preventing BEC fraud.

Identity verification of every request of wire transfer

Most of the businesses use online communication, but do not understand the significant risk lurking in the cyberspaces. Businesses need to develop and practice in-house fraud prevention measures to counter any BEC fraud attempt.

Businesses should use verification methods to screen every such request. Ask the email sender to go through a real-time identity verification process every time a customer makes such a request. The verification could be performed through face recognition or 2-factor authentication.

Online identity verification is a feasible solution as it shows quick results and does not cause any inconvenience for the end-user. Also, the visible security measures will show your commitment to the security of your merchants or customers.

Train your employees

Employees of companies are the common victims of BEC frauds. The criminals choose a soft target that is easy to manipulate for wire transfer fraud or a phishing scam.

So, the employees must be trained on a regular basis, regarding the latest trends in cybersecurity and the types of cybercrimes. This will help them to identify suspicious emails and fake fund transfer requests.

The training could be based on the following pointers:

Do not open any emails that are way too attractive, it might be a phishing email.
Beware of urgent payment requests from your merchants.
Tackling the account credential change request from your customers/merchants
Very casual and friendly email from your merchants
Train them about the technical aspects of fraud prevention software used in your company

Report the concerned authorities

As soon as you find a BEC fraud, report it to the concerned authorities. It will protect the company from such attacks in the future. Also, it is the corporate and legal responsibility of the businesses to report such fraud attempts for the benefit of the masses.

Email security

Using email security filters help in analyzing and detecting any threats in the email messages. Also using the filters for detecting the newly registered domain names similar to your domain name helps in finding the potential risk before it could cause any harm.

Such filters help in identifying and stopping spoofing emails from reaching the mailbox of the employees.

To wrap up, BEC fraud is a planned crime and businesses need to be proactive to eliminate such frauds. Caution in sharing contact information and basic identity verification of the person making such fund transfer requests is necessary to eliminate the chances of becoming a victim of BEC fraud. In-depth verification of clients and merchants before making transactions helps in eliminating the risk at the very first stage. These minimal and easy steps might prevent a huge loss for your company.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
A Trust Company Penalised for Opening a Doorway to Money Laundering
How is a BEC Fraud Executed?
Identity verification of every request of wire transfer
A team of accountants and economists have been fined by a court in Channel Island for neglecting obvious risks related to corruption and embezzlement. They were involved in providing services to a company working with the government of Angola. The company is an investment management firm.

Jersey’s Royal Court took a decision this week to penalise the LGL Trustees Ltd. A sum of $835,000 has been fined to the firm for violating two of the island’s anti-money laundering compliances. The company has already pleaded guilty in December 2020.

The judgement analysed that, from 2010 to 2016, LGL firm took more than $1 million for providing their services to Angola’s management sovereign wealth fund. These investments were reviewed by Jean-Claude Bastos de Morais. According to the prosecutors, a questionable and huge amount of fees was paid to Bastos. The banks were reluctant to work with Bastos but the trust company accepted the work and opened a doorway for the possibility of money laundering.

Bastos is known to have close relations with José Filomeno Zénu dos Santos, who was appointed by the President of Angola to manage the sovereign wealth funds of the Country. Both Bastos and dos Santos were previously charged with embezzlement in 2018. Bastos denied the charges and settled the case with the authorities. Zénu was, however, sentenced to some time in prison for a fraud case.

A BBC journalist revealed the Bastos’ personal windfall being part of the Paradise Paper investigation. The leaked financial records also revealed that Bastos was given a total amount of $41 million in 20 months. Experts called this very unusual arrangement for the sovereign wealth fund of Angola.

Bastos’ lawyers said that the “Jersey case involved no findings that any crime had been committed, by anyone including Bastos and his company, Quantum Global.”

The lawyers also pointed out the previous allegations made by Angola’s sovereign wealth fund against Bastos and his firm Quantum Global were dismissed by the court. The company was subjected to due diligence.

Jersey’s Royal Court said that “While Angola’s wealth fund and investments were not in themselves suspicious, LGL’s “ineffective” approach missed red flags.”

The prosecutors said, “The firm took the risk of being involved in the diversion of tens of millions of dollars of public funds of one of the poorest countries in the world to its corrupt rulers, and their relatives and associates.”

Identity Verification – Key to Eliminate BEC Fraud

How is a BEC Fraud Executed?