How to detect Business Email Compromise scam
By Rotimi Onadipe
The Hushpuppi Saga is a trending story that many people have shared severally on different social media platforms around the world. It had also generated a lot of controversies. However, we need to ask ourselves a very important question about this trending story.
Why is it that so many victims fell for the scam?
The answer is simply because the defrauded victims had little or no knowledge about “Business Email Compromise Scam” which was the strategy used by Raymond Abbas aka “Hushpuppi”.
What is a Business Email Compromise?
Business Email Compromise (BEC) is a kind of fraud in which cyber criminals hack into a corporate email account and impersonate the real owner of the email account in order to lure the company, its employees, partners, or customers into transferring money or sensitive information to the cyber criminals or divert their payments to another account created by the cyber criminals.
How it works:
The cyber criminals will do a thorough research about the unsuspecting companies through their profiles, websites, social media posts, YouTube channels, journals, press release etc.
Alternatively, they will create an email address that is very similar to that of the unsuspecting companies’ email address. In some cases, they will disguise as the director, partner, lawyer, or customer of the targeted companies and use their identities to obtain personal or sensitive information through email.
Research revealed that Business Email Compromise Fraud had already cost the United States Businesses at least $1.6 billion in losses from 2013 till date.
A typical example of a Business Email Compromise (BEC) was recently reported in the news and has gone viral on social media with thousands of views within few days of the report. In the report, a 38-year-old Nigerian, Raymond Abbas aka Hushpuppi was arrested along with 11 others by the Dubai Police. They were accused of being involved in a “Business Email Compromise” and other forms of internet fraud in which 1,926,400 victims were said to have been targeted by the syndicate.
The major reason why so many unsuspecting individuals and companies fall victim to Business Email Compromise Fraud almost every day is because they lack vital information about it.
How can you protect yourself or your company against Business Email Compromise (BEC) Scams?
You must educate yourself about the warning signs and other safety tips.
Warning Signs of a Business Email Compromise Fraud:
1. It comes with a sense of urgency. e.g. urgent payment, urgent response, urgent subject matter, etc. The fraudsters want their victims to respond quickly before they can think clearly.
2. Sudden change in email address. e.g. When you notice a sudden change in the email address of the CEO, customer, lawyer, or staff of the company you are dealing with, be suspicious.
3. Sudden change in website: When you notice a change in the website of any company before, during, or after a transaction, you should be suspicious.
4. Sudden change in the contact telephone number.
5. Sudden change in bank account details.
6. Introduction of third-party email into the business transaction.
How to avoid Business Email Compromise Fraud:
1. Individuals and companies should educate themselves on how to avoid a Business Email Compromise Scam.
2. When a change in email address, phone number, bank account details, website, etc is noticed, report immediately to your bank or anti-fraud agencies.
3. Always use firewall, antivirus and other tools to scan your computers, mobile phones, and other devices to prevent malware infections.
4. Before you provide any sensitive, personal, or company’s information on any website, make sure you verify the authenticity of the website.
5. If you receive an email that notifies you of a change in the mode of payment or a change of bank account details, make sure you investigate thoroughly by contacting the supposed receiver of the payment via another channel. e.g. phone calls, courier services, etc.
6. If you are a victim of a Business Email Compromise Scam, report immediately to appropriate authorities for urgent action. e.g. your bank, police, or anti-crime organisations.
About the author
I am Rotimi Onadipe by name. I am the CEO of Onadipe Technologies and also the National Coordinator of Internet Abuse & Crime Prevention Project. I educate the public, particularly internet users on how to stay safe online and avoid online dangers.