How to Prevent BEC with Vendor Payment Integration

Business email compromise (BEC) is a form of fraud that targets businesses in all industries. One of the main goals, of course, is getting at the money. To accomplish this task, fraudsters sometimes pose as third-party vendors and send an invoice to accounts payable departments asking for money to be wired overseas.

Using tricks as simple as slightly altering the email address (such as changing @legitvendor.com to @legit-vendor.com), these criminals often fool an unsuspecting employee into processing the request. Often, they’ll ask for relatively small amounts of money (perhaps “only” in the tens of thousands) so the request won’t be flagged to a supervisor.

Some 75% of BEC attacks involve this type of email spoofing. The scheme is so successful that it has worked even against the largest Internet titans; in April 2017, it was revealed that both Google and Facebook lost $100 million to phony invoices, with scammers masquerading as their mutual hardware supplier Quanta.

While some vendors attempt to prevent fraud by issuing paper checks instead of allowing wire transfers, this method is more vulnerable than it seems: checks can be difficult to cancel, and they can be easily replicated to create even more fraudulent transactions.

Payment Best Practices: Verify Vendors, Confirm Payment Requests

The best way to combat BEC, according to the FBI, is to first verify you are working with a legitimate vendor. This can be done by only dealing with companies that:

  • Hold the copyright, trademark, or patent to the merchandise in question
  • Use reputable companies (Best Buy, Staples, etc.) for all purchases
  • Have a physical address, working email and phone number

Once you have decided on a set of selected vendors, the FBI recommends creating a master vendor list; this list should be controlled and updated by someone who cannot also (Read more...)
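The look-alike domain trick described above and the master vendor list recommended here together suggest a mechanical check that accounts payable can run before a wire goes out. The following Python script is an added example, not code from the original post or from the FBI guidance: it holds any invoice whose sender domain is not on a master vendor list and calls out domains that merely resemble an approved one. The vendor list, the sample invoices and the small homoglyph table are all constructed assumptions.

```python
"""Hold invoice e-mails whose sender domain is absent from, or only resembles,
the approved master vendor list. Added example; all data below is constructed."""
import difflib

# Constructed master vendor list: approved domains only (assumption).
MASTER_VENDORS = {"legitvendor.com", "quanta-example.com"}

# Digit-for-letter substitutions commonly used in look-alike domains.
# Assumption: a small illustrative set, not an exhaustive one.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(domain: str) -> str:
    """Lower-case, drop hyphens and dots, and fold digit look-alikes into letters."""
    return domain.lower().replace("-", "").replace(".", "").translate(HOMOGLYPHS)


def classify_sender(address: str, vendors=MASTER_VENDORS) -> str:
    """Return 'approved', 'lookalike' or 'unknown' for the domain of an address."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in vendors:
        return "approved"
    norm = normalize(domain)
    for vendor in vendors:
        if norm == normalize(vendor):
            return "lookalike"  # e.g. legit-vendor.com vs legitvendor.com
        if difflib.SequenceMatcher(None, domain, vendor).ratio() >= 0.9:
            return "lookalike"  # only a character or two away from a vendor
    return "unknown"


def review_invoices(messages):
    """Return (sender, amount, verdict) for every invoice that must be confirmed
    out of band (e.g. by phone to a number on file) before payment."""
    return [(m["from"], m["amount"], classify_sender(m["from"]))
            for m in messages if classify_sender(m["from"]) != "approved"]


# Constructed sample invoices (not real messages).
SAMPLE_INVOICES = [
    {"from": "billing@legitvendor.com", "amount": 12_500},
    {"from": "billing@legit-vendor.com", "amount": 24_900},
    {"from": "ap@legitvend0r.com", "amount": 31_000},
    {"from": "invoices@newsupplier.example", "amount": 8_000},
]

if __name__ == "__main__":
    for sender, amount, verdict in review_invoices(SAMPLE_INVOICES):
        print(f"HOLD {sender} ${amount:,}: {verdict}")
```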

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Stephen Moramarco. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/H3KhQQ9cZjk/