Tips on how to protect your business from wire fraud

RICHMOND, Va. (WBT) – Cybercriminals are becoming so cunning that even large universities like Virginia Commonwealth University can be tricked into giving up thousands of dollars in wire fraud.

Cybercriminals in Nigeria hack a Business Email Agreement (BEC) by finding a provider that a business or company regularly communicates with. In VCU’s case, it was a construction company that the university had an ongoing contract with.

In this type of wire fraud, the company offering to use existing email chains must create a convincing-looking email address to give scammers an extra level of trust. From there, they just have to play the long game. Nigerians involved in this particular scam used this method to drain several institutions of millions.

VCU lost about $500,000, but fared much better than the other victims in this case. According to the FBI, the University of North Carolina paid nearly $2 million to scammers using a similar scheme. In Texas, a Houston-based college, construction company and government entities lost a total of more than $3 million.

Although it seems unlikely that a university will fall victim to BEC, cyber expert Alex Nate says that because so much money flows there, some accountants might not think about linking the funds. Scammers know this, and that’s why they use it.

“As long as you use the Internet, you are at risk. Whether it’s an organization or a university or just your family in your home,” Nate said. “Our focus as a company is how to keep your information safe online for both businesses and consumers.”

No one is too big or too small for these plans, says Nett, CEO of Richmond-based digital security company Hive Systems.

“The greatest thing about the Internet is that it connects us all, but the worst thing about the Internet is that it connects us all,” Nate said. The biggest thing that works for us right now is the speed at which we do business.

Nate says cheaters are hiding behind the screen here or there, just waiting for you to let your guard down. But he says we can slow down these criminals by simply picking up the phone to make sure you’re dealing with the right company.

“Call that company. Say, ‘I just got an email from you, and I want to make sure there’s a new place to check money…,'” Nate said. “Taking all that information and picking up the phone and stopping that cycle of abuse can keep this from being a problem for all of us.”

In the case of VCU, a university spokeswoman said the university was able to recover a large amount of money through insurance and put additional safeguards in place to prevent this type of fraud. But Nate said a simple phone call could have made the difference in making sure the university lost nothing.

BEC fraudsters can also try to impersonate loved ones or colleagues by using the victim’s trust in their email by hacking their information and exposing the victim to their contacts.

Nette says you should protect yourself from this tactic by making sure you don’t use the same password for multiple accounts and setting up two-factor authentication to log into your accounts.

“No one is safe, and that’s the big idea behind cybersecurity,” Nett said.

While the lost money may be a drop in the bucket for VCU and other victims of the $5 million wire fraud, the consequences of falling victim to this type of crime can be severe for individuals and small businesses. In most cases, because large amounts of money are frequently transferred to multiple accounts at home and abroad, the victim has little chance of ever seeing that money again.

The advent of cryptocurrency has made stolen funds less likely to be tracked and recovered unless the funds are insured.

Net said that six out of 10 small businesses that suffer BEC go out of business because they don’t have insurance policies or financial losses.

“While there are all kinds of companies that have tools and ticks to reduce that risk, that risk is still there,” Nette said. “This means we all need to take steps to protect ourselves.”

How to protect yourself.

• Be careful what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members and your birthday, you can give a scammer all the information they need to guess your password or answer security questions.
• Do not click on any unsolicited email or text message asking you to update or verify account information. Find the company’s phone number yourself (don’t use one a scammer might provide) and call the company to ask if the request is legitimate.
• Carefully check the email address, URL, and spelling used in any correspondence. Scammers use subtle differences to trick your eyes and gain your trust.
• Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments sent to you.
• Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
• If possible, verify payment and purchase requests in person or by calling the person to make sure they are legitimate. You must confirm any changes to the account number or payment procedures with the person making the request.
• Be especially careful if the interviewer is pushing you to act quickly.

Click here for more information on how you can protect yourself or your business.

Copyright 2022 WWBT. all rights reserved.

Send here to 12.

Want NBC12’s top stories in your inbox every morning? Register here.