YOUNGSTOWN, Ohio (WKBN) – A new report from the Better Business Bureau says more employees are targets of phishing scams.
In 2016, reported theft from business email compromise (BEC) was about 100 million per month. That number jumped to 300 million per month in just two years.
The phishing emails look believable. Hackers use an email just a letter or two different from an internal company email. Many times, they use company information like the CFO or CEO’s names, and they’re looking for money.
Hackers create a sense of urgency in the email, writing things such as “urgent,” “important” or “follow up request.”
Melissa Ames, vice president of the local Better Business Bureau, said hackers might ask for a money wire for the company or for an employee’s account for direct deposit to be changed.
“On average, they will contact 300 businesses before they have what they consider a success. Even though they are reaching out 300 times on average, the return is so much higher than if they were to target a homeowner,” Ames said.
There are ways to make sure you don’t become a victim of business phishing emails. Ames offers the following tips:
- Even if the email comes in the right name, check the domain. If it’s different from previous emails from your company, don’t open it.
- Are they asking for money to be moved? If so, call and confirm the request.
- Watch for buzz words like “urgent” or “important.”
The people responsible for these frauds are typically outside the United States. Law enforcement estimates about 90% of them operate in Nigeria, however, 90 people have been arrested or charged in the U.S. over the last three years for BED Crimes.
“You have to educate people at all levels. It has to be a team effort to combat this type of fraud,” Ames said.
Statistics show training employees on how to deal with phishing emails works. Ames says untrained employees will click on phishing emails about 30% of the time while just two percent of trained employees will.