The Office of Financial Affairs and the Office of Information Security want to ensure you have the tools and support needed to protect against BEC scams.
Procurement Office: For any questions regarding vendors or how to set up vendors within PaymentWorks.
Office of Information Security: For any questions, and for the resources, tools, and articles available to help you recognize cybersecurity risks.
Business Email Compromise (BEC) scams occur when cyber criminals impersonate a trusted individual or organization to trick employees into transferring funds, providing sensitive information, or taking other harmful actions. But armed with some knowledge, you can spot and avoid these attempts rather than taking the bait.
Common BEC Scams
Account Compromise: In some cases, cyber criminals gain access to a company's email system and monitor communications to identify opportunities for fraud. They may intercept legitimate emails, modify bank account details, or insert themselves into ongoing conversations to redirect payments.
Data Theft: Instead of directly targeting financial transactions, some BEC scams aim to steal sensitive information such as login credentials, customer databases, or intellectual property. Cyber criminals can then exploit this information for financial gain or sell it on the dark web.
Employee Impersonation: A cyber criminal gains access to an employee's email account and uses it to request sensitive information, such as employee payroll data, customer lists, or financial records. They may also use these compromised accounts to request fund transfers, pretending to be the legitimate account owner.
Gift Card Scams: Cyber criminals may impersonate company executives or employees and request the purchase of gift cards for various reasons, such as employee rewards, client gifts, or charity donations. Once the gift card codes are provided, they quickly redeem them, making tracing difficult.
Invoice Scams: Cyber criminals pose as legitimate suppliers or vendors and request payment or changes to payment details. Unsuspecting employees pay the invoices as usual or update the payment information, but the funds go to the cyber criminal's account instead of the legitimate supplier.
Tips to Avoid BEC Scams
Staying vigilant and cautious can help you stay one step ahead of cyber criminals. Remember: If it feels off, trust your instincts!
- Direct all vendors to PaymentWorks for updating vendor information such as ACH payment, direct deposit, or vendor contact information.
- Be skeptical of unsolicited outreach and never use contact information provided in suspicious outreach.
- Resist the pressure to act immediately. Think before you click, respond or open attachments.
- Verify a link is legitimate by hovering your cursor over the link to see where it leads.
- Pay attention to inconsistencies in outreach like:
  - Poor spelling, grammar and/or punctuation.
  - [EXTERNAL] tag on an internal email.
  - Unusual or unrecognized sender address/number.
  - Reply-to email address different than the sender address.
- If you're still tempted to respond, reach out using information found on an official website or previous legitimate communications.
- Take steps to block unwanted calls and text messages, and report suspicious emails as phishing.
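Two of the inconsistencies listed above, a Reply-To address that differs from the sender and an [EXTERNAL] tag on a message claiming an internal sender, can also be checked automatically when triaging reported mail. The following is an added example, not part of the original page; the domain example.edu, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.edu"  # assumption: the organization's own mail domain
EXTERNAL_TAG = "[EXTERNAL]"      # tag named in the tips above


def _address(header_value):
    """Return the bare, lower-cased e-mail address from a header value."""
    return parseaddr(header_value or "")[1].lower()


def bec_indicators(raw_message):
    """Return which header inconsistencies from the tips this message shows."""
    msg = message_from_string(raw_message)
    sender = _address(msg.get("From"))
    reply_to = _address(msg.get("Reply-To"))
    subject = (msg.get("Subject") or "").upper()
    found = []
    # Replies would go somewhere other than the apparent sender.
    if reply_to and reply_to != sender:
        found.append("reply-to differs from sender")
    # The mail gateway saw the message arrive from outside, yet the From
    # header claims an internal address: the sender is likely spoofed.
    if EXTERNAL_TAG in subject and sender.endswith("@" + INTERNAL_DOMAIN):
        found.append("external tag on internal sender address")
    return found


# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "Accounts Payable" <ap@example.edu>\n'
    "Reply-To: ap.example.edu@mailbox.invalid\n"
    "Subject: [EXTERNAL] Updated ACH details for open invoice\n"
    "\n"
    "Please use the new bank account for all future payments.\n"
)
EXPECTED_EXTERNAL = (
    "From: Billing <billing@supplier.invalid>\n"
    "Subject: [EXTERNAL] Invoice for March\n"
    "\n"
    "Invoice attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("external vendor", EXPECTED_EXTERNAL)):
        print(name, "->", bec_indicators(raw) or "no header inconsistencies")
```

A message that passes these checks can still be fraudulent, for example when it is sent from a genuinely compromised account, so the verification steps in the tips still apply.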
What to Do if You've Been Scammed
If you know or believe you’ve been scammed, don't panic. You can take action to limit the impact and help stop others from being scammed.
- Stop all communication with the cyber criminal immediately and block their number or email address.
- Document and preserve any evidence of the scam, including dates, times, payment amounts, and communications.
- Report the scam to relevant entities such as your supervisor, UNIT and the impersonated individual/vendor.
- Change associated account passwords and monitor your accounts for any suspicious activity.
Additional Resources