Press Release

Email Compromise Scam Targets Local Businesses

Friday, April 8, 2016

North Adams, MA – MountainOne Bank urges local businesses to be on the alert for the Business Email Compromise (BEC) scam. According to a public service announcement issued by the FBI, the Business Email Compromise (BEC) is a “sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” The FBI announcement can be viewed online at https://www.ic3.gov/media/2015/150122.aspx.

Through the BEC, fraudsters continue to steal millions of dollars from businesses by compromising their official email accounts and using those accounts to initiate fraudulent wire transfers. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers.

BEC scams often begin with an attacker compromising a business executive’s email account or any publicly listed email. Upon monitoring the compromised email account, the fraudster will try to determine who initiates wires and who requests them. The perpetrators often perform a fair amount of research, looking for a company that has had a change in leadership in the executive level of the finance function, or companies where executives are travelling or leading an investor conference call, and use this as an opportunity to execute the scheme.

Businesses are advised to stay vigilant and educate employees on how to prevent being victimized by BEC scams and other similar attacks. Here are some tips on how to stay protected and secure:

  • Carefully scrutinize all emails. Be wary of irregular emails that are sent from executive level employees, as they are used to trick employees into acting with urgency. Review emails that request a transfer of funds to determine if the request is out of the ordinary. If it does look out of the ordinary, ask about the request.
  • Educate and train employees. While employees are a company’s biggest asset, they're also usually the target for email scams in order to circumvent a company’s security. Commit to training employees according to the company’s best practices. Remind them that adhering to company policies is one thing, but developing good security habits is another.
  • Verify any changes in vendor payment location by using a secondary sign-off by company personnel.
  • Stay updated on your customers’ habits including the details and reasons behind payments.
  • Confirm requests for a transfer of funds when using phone verification as part of two-factor authentication, and use known familiar numbers, not the details provided in the email requests.

If you suspect that your businesses may have been targeted by a BEC email, immediately report the incident to your bank and to law enforcement.

MountainOne Bank maintains information on the latest scams and fraud attempts on a special Security web page: https://www.mountainone.com/security. Businesses are urged to check this page routinely in order to stay up-to-date on the latest scams.

ABOUT MOUNTAINONE BANK

Founded in 1848, MountainOne Bank has assets of over $840 million and provides a broad range of banking services supporting the needs of personal and business customers. MountainOne Bank has three full service offices serving the Berkshires, three serving Boston South, and one serving Boston North. MountainOne Bank is a subsidiary of MountainOne Financial, a mutual holding company headquartered in North Adams, MA. The following companies operate as divisions of MountainOne Bank: Coakley, Pierpan, Dolan & Collins Insurance; True North Insurance; and True North Financial (financial professionals offering securities and advisory services through Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Advisor).