Mon. Nov 25th, 2024
Business Email Compromise
Phishing Scam Email Identity Alert 3d Rendering Shows Malicious Theft Of Id And Bank Details By Information Phish

By Rotimi Onadipe

The Hushpuppi saga is a trending story that many people have shared severally on different social media platforms around the world. It had also generated a lot of controversies.

However, we need to ask ourselves a very important question about this trending story. Why is it that so many victims fell for the scam?

The answer is simply because the defrauded victims had little or no knowledge about the Business Email Compromise (BEC) scam which was the strategy used by Raymond Abbas aka Hushpuppi.

What is a Business Email Compromise?

BEC is a kind of fraud in which cyber criminals hack into a corporate email account and impersonate the real owner of the email account in order to lure the company, its employees, partners or customers into transferring money or sensitive information to the cybercriminals or divert their payments to another account created by the cybercriminals.

How it works:

The cybercriminals will do thorough research about the unsuspecting companies through their profiles, websites, social media posts, YouTube channels, journals, press releases etc.

Alternatively, they will create an email address that is very similar to that of the unsuspecting companies’ email addresses. In some cases, they will disguise themselves as the director, partner, lawyer or customer of the targeted companies and use their identities to obtain personal or sensitive information through email.

Research revealed that BEC fraud had already cost the United States businesses at least $1.6 billion in losses from 2013 to date.

A typical example of a BEC was recently reported in the news and has gone viral on social media with thousands of views within few days of the report.

In the report, a 38-year-old Nigerian, Raymond Abbas aka Hushpuppi was arrested along with 11 others by the Dubai police. They were accused of being involved in a BEC and other forms of internet fraud in which 1,926,400 victims were said to have been targeted by the syndicate.

The major reason why so many unsuspecting individuals and companies fall victim to BEC frauds almost every day is that they lack vital information about it.

How can you protect yourself or your company against BEC Scams?

You must educate yourself about the warning signs and other safety tips.

Warning Signs of a BEC Fraud:

  1. It comes with a sense of urgency. e.g. urgent payment, urgent response, urgent subject matter etc. The fraudsters want their victims to respond quickly before they can think clearly.
  2. Sudden change in email address. e.g. When you notice a sudden change in the email address of the CEO, customer, lawyer or staff of the company you are dealing with, be suspicious.
  3. Sudden change in website: When you notice a change in the website of any company before, during or after a transaction, you should be suspicious.
  4. Sudden change in the contact telephone number.
  5. Sudden change in bank account details.
  6. Introduction of third-party email into the business transaction.

How to avoid BEC Fraud:

  1. Individuals and companies should educate themselves on how to avoid BEC scams.
  2. When a change in an email address, phone number, bank account details, website etc is noticed, report immediately to your bank or anti-fraud agencies.
  3. Always use firewall, antivirus and other tools to scan your computers, mobile phones and other devices to prevent malware infections.
  4. Before you provide any sensitive, personal or company’s information on any website, make sure you verify the authenticity of the website.
  5. If you receive an email that notifies you of a change in the mode of payment or a change of bank account details, make sure you investigate thoroughly by contacting the supposed receiver of the payment via another channel. e.g. phone calls, courier services etc.

6. If you are a victim of a BEC scam, report immediately to appropriate authorities for urgent action. e.g. your bank, police or anti-crime organisations.

Related Post

Leave a Reply