Business Email Compromise and Authorised Push Payment (APP) Fraud
( 3 min read )
- Go back to blog home
- Latest
10 May 2024
Welcome to the latest edition of Ebury’s Counter Fraud Update. In this edition, we’ll focus on two prevalent threats to businesses: Business Email Compromise (BEC) scams and Authorised Push Payment (APP) fraud.
Business Email Compromise (BEC) Scams
BEC scams continue to be a significant threat to businesses of all sizes. These scams typically involve criminals impersonating company executives, vendors, or clients to deceive employees into making unauthorised payments or disclosing sensitive information. Here are four common tactics used in BEC scams to help you protect your business:
- Email Spoofing: Criminals spoof legitimate email addresses to trick employees into believing they are communicating with someone they trust.. To protect yourself and your business, always verify the sender’s email address especially when you receive requests for sensitive information or financial transactions.
- Urgency and Confidentiality: Some criminals may try to create a sense of urgency or demand confidentiality to pressure employees into bypassing standard protocols. Encourage a culture of vigilance among employees and emphasise the importance of verifying requests, especially those involving financial transactions or sensitive data.
- Two-Factor Authentication (2FA): Implement 2FA for email accounts and other critical systems to add an extra layer of security. Even if criminals gain access to login credentials, they would still need additional verification to access sensitive information or initiate transactions.
- Employee Training and Awareness: Regularly train employees on identifying phishing attempts, BEC scams, and other social engineering tactics. Conduct simulated phishing exercises to reinforce learning and ensure employees remain vigilant.
Authorised Push Payment (APP) Fraud
Authorised Push Payment (APP) fraud occurs when individuals or businesses are deceived into authorising a payment to an account controlled by a fraudster. Unlike unauthorised transactions, victims willingly authorise the payment, making it challenging to recover funds.
Here’s how you can protect your business against APP fraud:
- Verification Procedures: Establish robust verification procedures for verifying payment requests, especially those received via email or phone. Encourage employees to verify payment details through trusted channels before processing transactions.
- Payment Approval Workflow: Implement a secure payment approval workflow that involves multiple layers of authorisation for significant transactions. This can help prevent unauthorised payments and provide an additional opportunity to detect fraudulent requests.
- Transaction Monitoring: Use transaction monitoring tools to identify suspicious activity, such as unusual payment patterns or changes in beneficiary details. Promptly investigate any discrepancies and take appropriate action to prevent further losses.
- Customer Due Diligence: Conduct thorough due diligence on new customers, especially those requesting high-value transactions or making unusual requests. Verify the legitimacy of their business and identity to mitigate the risk of falling victim to fraudulent schemes.
By staying informed about the latest fraud trends and implementing preventive measures, you can effectively protect your business against BEC scams, APP fraud, and other cyber threats. Remember, vigilance and proactive security measures are key to maintaining the integrity of your business operations and safeguarding your financial assets.
Together, we can combat fraud and ensure the continued success of your business.
📩 If you need any advice on any fraud-related issues, contact us at [email protected].
SHARE
