A local organization was recently impacted by a Business Email Compromise (BEC) scam.
“Company A” is a vendor to the victim organization. The email address for the owner of Company A was compromised. In late October 2021, while Company A’s owner was out of town, a hacker used the hacked email address to send new payment instructions to the victim. The change request included a new EFT form containing a phone number with one digit changed, a fake voided check, and a fake W-9. Because Company A was a known vendor and the email address was legitimate, the victim ultimately changed the company payment information on file.
Several days later, the victim issued payments totaling over $300,000 to the fraudulent account. The incident is currently under investigation by the U.S. Secret Service.
To avoid a scam, organizations should consider the following:
- Report the incident to authorities as soon as possible. A report may be needed for your bank to reverse a wire, and law enforcement can work with FinCEN to initiate the Financial Fraud Kill Chain.
- Consider a policy to verify payment change instructions via information on file
- Implement a two-signature requirement to issue checks or wire transfers
- Train buyers and accounts payable staff on a payment change verification policy and signs of a scam
- Talk to your bank ahead of time to confirm the process for freezing funds, cancelling checks, or reversing wire transfers – and have this written down so all staff is aware of the process
If you are the victim of a cyber attack or scam, please report it immediately. Contact information for agencies is below, or you can contact the SD-LECC to be connected to the appropriate agency.
Local law enforcement
Non-emergency number: (Find your LE agency’s number and include it in your response plan)
For life threatening emergencies: 911
Attack reporting, reporting coordination
San Diego Law Enforcement Coordination Center (SD-LECC)
Attack reporting, response team if all local resources are exhausted
California Cyber Security Integration Center (Cal-CSIC)
[email protected]; 916-636-2997
Attack reporting, response team if all local/state resources are exhausted
DHS CISA US-CERT
[email protected]; 1-888-282-0870
After incident reporting (if US-CERT not activated): https://www.us-cert.gov/report
Attack reporting, criminal investigations
[email protected]; 858-320-1800
After incident reporting (if FBI Cyber not already investigating): https://www.ic3.gov
Attack reporting, financial fraud investigations
U.S. Secret Service
[email protected]; 619-557-5640