First Mid Bank & Trust Educates on How to Avoid Business Email Compromise, Wire Fraud

St. Louis, MO (May 20, 2024) In 2023, the FBI received more than 21,000 complaints about Business Email Compromise (BEC), with adjusted losses over $2.9 billion. BEC and wire fraud are two ways businesses can suffer significant financial and reputational harm, and First Mid Bank & Trust (First Mid) wants to offer tips on how to spot the scams and keep businesses safe from detrimental cybercriminals.

BEC is a sophisticated scam targeting companies, particularly those that conduct wire transfers and have suppliers abroad. James Hinks, Senior Vice President, Information Security Officer at First Mid, said given the increasing reliance on email communication, understanding and preventing BEC is crucial for businesses of all sizes. BEC, a type of cyberattack, occurs when a scammer gains access to a corporate email account and poses as the company owner, an executive, or other positions of authority to initiate fraudulent transfers of funds. BEC can also happen when a scammer imitates or creates an email address very similar to someone else's within the company, or similar to a trusted vendor or client. Sometimes, attackers focus on obtaining personally identifiable information from targets. Hinks said there are several types of BEC fraud, including fake invoices, CEO fraud, account compromise, attorney impersonation, and data theft.

"While BEC scams are frightening, there are steps to avoid them," said Hinks. "Make sure your employees examine all email addresses carefully, especially when the content of the email seems off, extremely urgent, or deals with money and sensitive information. Train your employees not to click on links from unfamiliar emails and advise them not to share sensitive information over email without verbally confirming with the person who potentially sent the email that the information is actually needed."

Wire fraud is a form of BEC, but the losses from wire fraud can be thousands or even millions of dollars. In this scam, cybercriminals act as executives or high-level employees and ask for the urgent or immediate transfer of funds.

"Even if you are someone within your organization who is responsible for the transferring of funds and regularly receives requests regarding wire transfers, we advise you to stop, look, and think before deciding to make a transfer," said Hinks. "Examine the email address and look at the body of the email. Spelling errors or missing letters are signs of a scam. Another good step to take is to call the person who is requesting the transfer or to follow your in-house verification procedures. If you think the request is suspicious in any way, do not hesitate to report it to management or IT immediately."

No matter if it's for something smaller or for a large wire transfer, it's always important to verify the authenticity of any request and for businesses to implement a verification process for employees to follow. Verification of the request can happen through a trusted phone number or in a face-to-face setting.

BEC and wire fraud are formidable threats due to their reliance on social engineering and deception. Prevention requires a multi-faceted approach that combines technology, stringent processes, and continuous education. By implementing these strategies, companies can significantly mitigate risks and protect their assets from