A typical example of a “Business Email Compromise” was widely reported last June. In the report, a 38-year-old Nigerian, Raymond Abbas aka Hushpuppi was arrested and 11 others by the Dubai Police. They were accused of being involved in a “Business Email Compromise” and other forms of internet fraud in which 1,926,400 victims were said to have been targeted by the syndicate. Rotimi Onadipe explains the criminal scheme and how you can protect yourself against it
The Hushpuppi Saga is a trending story that many people have shared severally on different social media platforms around the world. It has also generated a lot of controversies. However, we need to ask ourselves a very important question about this trending story.
Why is it that so many victims fell prey to the scam?
What is Business Email Compromise?
Business Email Compromise (BEC) is a kind of fraud in which cyber criminals hack into an email account and impersonate the real owner of the email account in order to lure the company, its employees, partners or customers into transferring money or sensitive information to the cyber criminals or divert their payment to another account created by the cyber criminals.
How it works:
The cyber criminals will do a thorough research about the unsuspecting companies through their profiles, websites, social media posts, YouTube channels, journals, press release etc.
Alternatively, they will create an email address that is very similar to that of the unsuspecting company’s email address. e.g. “firstname.lastname@example.org” instead of “email@example.com.” In some cases they will disguise as the director, partner, lawyer or customer of the targeted companies and use their identities to obtain personal or sensitive information through email.
Research revealed that Business Email Compromise Fraud has already cost the United States Businesses at least $1.6 billion in losses from 2013 till date.
The major reason why so many unsuspecting individuals and companies fall prey to Business Email Compromise Fraud almost every day is because they lack vital information about it.
How can you protect yourself or your company against Business Email Compromise (BEC) Scam?
You must educate yourself about the warning signs and other safety tips.
Warning Signs of a Business Email Compromise Fraud:
- It comes with a sense of urgency. e.g. urgent payment, urgent response, urgent subject matter etc. The fraudsters want their victims to respond quickly before they understand that it is a scam.
- Sudden change in email address. e.g. When you notice a sudden change in the email address of the CEO, customer, lawyer or staff of the company you are dealing with, be suspicious.
- Sudden change in website: When you notice a change in the website of any company before, during or after a transaction, you should be suspicious.
- Sudden change in contact telephone number.
- Sudden change in bank account details.
- Introduction of third party email into the business transaction.
How to avoid Business Email Compromise Fraud:
- Individuals and companies must educate themselves on how to avoid Business Email Compromise Scam.
- When a change in email address, phone number, bank account details, website etc is noticed, report immediately to your bank or anti-fraud agencies for proper investigation.
- Before you respond to an email that looks legitimate, check the sender’s email address very well to avoid responding to a fraudster’s email.
- Always use firewall, antivirus and other tools to scan your computers, mobile phones and other devices to prevent malware infections.
- Before you provide any sensitive, personal or company’s information on any website, make sure you verify the authenticity of the website.
- If you receive an email that notifies you of a change in the mode of payment or a change of bank account details, make sure you investigate thoroughly by contacting the supposed receiver of the payment via another channel. e.g. phone calls, courier services etc.
- If you are a victim of Business Email Compromise Scam, report immediately to appropriate authorities for urgent action. e.g. your bank, police or anti-crime organisations.
Rotimi Onadipe, CEO Onadipe Technologies, National Coordinator- Internet Abuse Awareness & Prevention Project, Nigeria.