Stopping the email forwarding scam that drains your bank account

The threat of email fraud is a serious concern due to our increasing reliance on digital communication. A recent experience shared by Teresa W. highlights the dangers of business email compromise (BEC).

Nearly all the money in our business account was withdrawn through an internet fraud scam. Our personal banker called to inform us and said she received an email from me with the money wiring directions. I denied sending the email and she said it came directly from me. I instructed her to stop everything and I would investigate the matter.

"It appears that the thieves obtained a wiring instruction paper from my email, which they hacked into. They established a rule in Outlook to bypass me if anything originated from them and directed it straight to the banker. They modified the wiring instructions to enter their account. Fortunately, our banker notified me, allowing me to investigate the matter. This was a near miss."

A recent incident showcases a complex fraud scheme in which cybercriminals exploit legitimate email accounts to trick others into transferring funds. Thanks to Teresa's prompt response and her banker's diligence, a substantial financial loss was avoided. However, this event serves as a warning to businesses everywhere.

Enter the giveaway by signing up for my free newsletter.

What is business email compromise (BEC)?

BEC is a type of cybercrime that targets companies involved in financial transactions, resulting in billions of losses worldwide. Unlike other cyber attacks, BEC scams rely on psychological manipulation rather than technical exploitation, making them difficult to detect and prevent.

How the scam works

Email hacking: Scammers frequently obtain access to email accounts through phishing attacks, which deceive users into disclosing their login information or by utilizing malware to capture sensitive data.

Scammers can create email rules in clients like Outlook that redirect or hide specific emails, making it possible for fraudulent activities to go unnoticed by victims.

The fraudster poses as the target and communicates with third parties, including financial institutions and suppliers, demanding immediate bank transfers or confidential data.

The scammer uses convincing details and urgency in their requests, making it seem like the email is legitimate. They may use language or references that only the victim and their contacts would understand.

Real-life implications

The impact of BEC scams on small businesses like Teresa's, which may not have extensive cybersecurity measures, can be particularly severe, including direct financial losses, reputational damage, loss of customer trust, and potential legal ramifications.

Proactive steps to avoid being a victim of BEC scams

To prevent BEC and similar frauds, businesses should take a proactive stance on cybersecurity.

To safeguard yourself from malicious links and potential data breaches, it is recommended to have reputable, up-to-date, and strong antivirus software installed on all your devices. For the best antivirus protection in 2025, check out my top picks for Windows, Mac, Android, and iOS devices.

2) Ensure passwords are complex and unique for each account. Consider using a password manager to generate and store complex passwords.

Enable multifactor authentication to add an extra layer of security to your accounts.

Keep track of your financial, email, and social media accounts for any suspicious activity. If you suspect scammers have stolen your identity, consider purchasing identity theft protection.

Companies that specialize in identity theft can track your personal data, such as your Social Security number, phone number, and email address, and notify you if it is being sold on the black market or used to open accounts. Additionally, these companies can help you freeze your bank and credit card accounts to prevent any further unauthorized use by criminals.

Some services offer identity theft insurance of up to $1 million to cover losses and legal fees, as well as a white-glove fraud resolution team with a U.S.-based case manager to help you recover any losses. Check out my tips and best picks on how to protect yourself from identity theft.

Consider employing data removal services to safeguard your personal information following a BEC scam. These services trace and erase your data from numerous online sources, databases, and data brokers. By removing redundant or outdated information, data removal services reduce your online footprint, making it more challenging for scammers to locate and misuse your data.

Having a data removal service can be beneficial if you want to consistently monitor and automate the process of removing your information from numerous websites over an extended period of time. Here are my top recommendations for data removal services.

Update security questions and answers periodically to improve protection.

Review email rules regularly to detect unauthorized changes and potential security breaches.

To prevent sensitive information from being sent elsewhere without your knowledge, turn off auto-forwarding features unless absolutely necessary.

Before processing any financial transactions, always confirm the request through an additional communication channel (such as a phone call) to ensure its authenticity.

Restrict access to financial information and transactions to only those who require it within your organization.

Seek professional assistance if uncertain or the situation seems dire.

Notify the authorities and the Federal Trade Commission in the U.S. about the scam.

To prevent being overwhelmed with spam emails, my top recommendation is to set up an alias email address. An alias email address is an additional email address that forwards emails to the primary email address, allowing you to manage all your emails in one mailbox.

Using alias email addresses can help manage incoming communications by keeping them separate from your primary email address.

To avoid receiving spam emails and protect your email address from being stolen in a data breach, consider creating multiple email aliases. This way, you can easily delete an alias address if it becomes inundated with spam. Check out my review of the top secure and private email services for more information.

Kurt's key takeaways

The story of Teresa W. highlights the risks of digital communications and how BEC scams can compromise financial security and erode trust in electronic transactions. To safeguard against these threats, individuals and businesses must prioritize robust security measures and remain vigilant.

What are some additional measures that businesses and government agencies can implement to combat the growing threat of email scams? Please share your thoughts by contacting us at Cyberguy.com/Contact.

To receive my tech tips and security alerts, sign up for my free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.