Thursday, May 9, 2024

PHISHING - GOOD BUSINESS PRACTICE TO FOLLOW

 Cyprus Police



The Cybercrime Directorate recommends that the public be aware of incidents of fraud using a compromised email account. Fraud using a compromised email account, known as Business Email Compromise (BEC), is an exploit in which an attacker gains access to a business email account and impersonates the owner in order to defraud the company and its employees, customers or partners. Often, an attacker will create an account with an email address almost identical to one on the corporate network, relying on the supposed trust between the victim and their email account.

In most cases, fraudsters will focus their efforts on employees who have access to the company's finances and try to trick them into making wire transfers to bank accounts they think are trustworthy, when in fact the money ends up in accounts belonging to criminals. The most common victims of BEC are usually companies that use wire transfers to pay international customers. If the fraud is not caught early, the funds can often be almost impossible to recover, due to any number of laundering techniques that move the funds to other accounts.

Good practices

As a business

• Ensure that employees are informed and aware of this specific form of fraud and how to avoid it.
• Implement a process to verify the legitimacy of the payment requests you receive.
• Instruct staff responsible for paying invoices to always check for irregularities.
• Check the information posted on your business website, specifically your contracts and suppliers. Ensure staff limit disclosure of company information on social media.

As an employee

• Verify that all payment requests are from the actual suppliers of the business, especially if they ask you to amend their bank account details for future payments of invoices or other documents.
• Do not use the contact details included in the letter/fax/e-mail in which the change of details is requested. Instead, use the contact information from your previous correspondence with the supplier.
• Designate unique points of contact with businesses to whom you make payments at regular intervals.
• For payments that exceed a certain amount threshold, establish a process to confirm the correct bank account and recipient (e.g. contact the business).
• When you pay an invoice, send an e-mail informing the recipient of the payment. In it, include the name of the recipient's bank and the last four digits of their bank account to secure the transaction.
• Limit the information you share about your employer on social media.