It’s 4 p.m., and just as you are ready to shut down your laptop for the day, you get an email from the CEO of the company.

It reads:

! High Importance

Please process a wire transfer payment in the amount of $250,000 and code it to “admin expenses” by the end of business today. Wiring instructions are below. 

What do you do?


If you said STOP and THINK, then you are correct!

CEO Fraud is just one of the four ways that Business Email Compromise can be financially damaging to an organization.

What is Business Email Compromise?

Business Email Compromise is a cyberattack that uses email fraud to target organizations or individuals who handle money or sensitive information. The attacker impersonates someone you trust and tries to trick you into sending funds, granting access to sensitive information, or releasing it to them.

Types of Business Email Compromise

  1. Data Theft: Scammers target HR departments and steal information like someone’s personal phone number. Having this kind of information makes it easier for the scammer to make their stories seem believable.
  2. CEO Fraud: Like the example above, scammers hack into a CEO’s email account and send instructions to an employee to make a purchase or send money immediately. In some cases, they will ask an employee to purchase gift cards and send them the serial numbers.
  3. Account Compromise: Scammers use phishing or malware to get access to an employee’s email account. They will then email the company’s suppliers fake invoices that request payment to a fraudulent bank account.
  4. False Invoice Schemes: A scammer will pose as a legitimate vendor your company does business with and email a fake bill that resembles a real one. The account numbers might be a digit off, or they will ask you to send payment to a different bank for one reason or another, such as “their company is being audited” or “they switched banks”.

How to Protect Your Business

  1. Be careful what information you share online or on social media. By sharing things about yourself, you can provide scammers with all the information they need to guess your passwords.
  2. NEVER click on any links in an unsolicited email asking you to update or verify account information.
  3. Always examine the email address, any URL links included, and the spelling used in any email correspondence. You will be able to recognize spam emails by inconsistencies in the sender information, content of the email, grammar and spelling, URL of links included, and any warnings at the beginning of the email.
  4. Be extremely cautious of what you download. Never open an email attachment from someone you do not know.
  5. Set up two-factor authentication on any account that allows it.
  6. Make sure to verify payment and purchase requests in person or by calling the individual.
  7. Be cautious if the requestor of a payment is pressing you to act quickly.

And remember, you have the power to STOP and THINK. Be smart and say no to fraud.