Payor Beware: FBI Warns of Business Email Compromise Scam
By Amy Hanson, Vice President, PartnerShip Services
In today’s world, it seems like every click of the mouse is a risk, as more sophisticated phishing schemes have made it increasingly difficult to discern what’s legitimate and what’s not.
One such scenario surfaced recently during payment of a settlement. Because this situation is integral to claim operations, we felt it was important to share it so our clients and business partners could avoid becoming a victim of this scam.
The most frightening aspect? The timing of this scheme made a request for payment seem completely legitimate. Read on to find out how.
Settlement Payment Request
On a daily basis, claim settlements are reached and payments are sent to plaintiff attorneys to satisfy those commitments. In a recent case, a settlement was reached in a litigated claim and it was time to fund the settlement.
At the appropriate time, the defense attorney received an email from the plaintiff attorney. In this email, the attorney offered an Electronic Fund Transfer (“EFT”) link to pay the settlement.
When the defense attorney contacted the plaintiff attorney to discuss how the settlement would be funded, the plaintiff attorney was surprised to learn about the email requesting the EFT – because it had not been sent by that attorney.
Timing was Right
What was particularly scary about this situation was that the email arrived at exactly the time the settlement would typically be paid. As we talked about this further, we heard other stories of emails requesting payment from individuals at the exact time they were expecting to be making a payment.
This was scary to contemplate! I wondered how a scammer would know when to send a fake request. How were they accomplishing this?
After doing some research, I found several articles on different phishing schemes, but one method in particular stood out that explains how this happens: the Business Email Compromise, or “BEC,” scheme. The Federal Bureau of Investigation (FBI) defines it as malware -- suspicious software -- that gets installed on your system and allows criminals undetected access to legitimate email threads about billing and invoices. That information is then used to time requests for invoices or payments. Because the timing is right, many recipients don’t question the payment request. And, in this case, the plaintiff attorney was completely unaware of the EFT email until he was contacted by the defense attorney – because he had not sent it.
Protect Yourself and Your Team
The FBI offers several ways to protect ourselves from falling for these seemingly legitimate requests:
- To avoid being the victim of malware:
  - Don’t click on anything in an unsolicited email asking you to update or verify information. If it seems legitimate, look up the information directly on that company’s website or call them directly. Don’t use any contact information provided in the unsolicited email.
  - Be careful what you download and never open an email attachment from someone you don’t know. Be wary of email attachments forwarded to you, even from a name you might recognize.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- And most importantly, as the defense attorney did in this case, verify payment requests by direct contact with the requesting party to make sure it is legitimate. Verify any change in account number or payment procedures with the person making the request. Be especially wary if the email requestor is pressing you to act quickly.
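The address check described in the list above can be partly automated. The following is an added example, not code from the FBI or from the author of this article: it flags a sender domain that differs only slightly from a counterparty domain already on file, and a Reply-To address that routes answers elsewhere. The domains, names and sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of counterparties already on file (constructed values).
KNOWN_DOMAINS = {"smithlaw.example", "partner-claims.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Reply-To header, lowercased."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_sender(raw_message: str, known=KNOWN_DOMAINS) -> list[str]:
    """Return reasons to verify by phone before paying; empty list if none."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg.get("From"))
    reply_to = domain_of(msg.get("Reply-To"))
    findings = []
    if sender not in known:
        # A domain one or two characters away from a known one is a lookalike.
        near = [k for k in known if edit_distance(sender, k) <= 2]
        if near:
            findings.append(f"lookalike: {sender} resembles {near[0]}")
        else:
            findings.append(f"unknown sender domain: {sender}")
    if reply_to and reply_to != sender:
        findings.append(f"reply-to mismatch: replies go to {reply_to}")
    return findings

# Constructed sample: 'smithIaw' uses a capital I in place of the lowercase l.
SAMPLE = (
    "From: Pat Smith <pat@smithIaw.example>\n"
    "Reply-To: pat.smith@freemail.example\n"
    "Subject: EFT link for settlement payment\n"
    "\n"
    "Please fund the settlement using the link below.\n"
)

if __name__ == "__main__":
    for finding in review_sender(SAMPLE):
        print(finding)
```

An empty result only means the headers look consistent; a request sent from a compromised legitimate mailbox passes this check, which is why the direct-contact verification above remains the deciding step.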
Though we may bemoan the extra steps it takes to stay safe and aware in our digitally driven world, it’s clear how important it is to be diligent in protecting our systems from malware, as well as scrutinizing any requests for payment. Having a settlement payment misdirected to a scammer would be a difficult thing to explain and ultimately very costly to the company and potentially the industry.
Ultimately, the most effective way to avoid becoming a victim of these schemes is awareness, so by reading this article you are better educated on the potential risks and can avoid them. Consider sharing this information with your team and colleagues (and let them know it’s safe!). More information on the BEC scheme is available from the FBI.
As always, PartnerSource appreciates your partnership. We look forward to continuing to share important industry news and trends.