As we all know, email has become a way of life… especially when it comes to running a business in today’s digital society. While email helps us communicate, share information and keep in touch, the reality is companies of all sizes are being targeted by criminals through business email compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion (like a virus or malware). The criminal then impersonates the employee often a senior executive or someone who can authorize payments and instructs others to transfer funds on their behalf.

To help reduce the likelihood that you don’t become a victim to one of these types of attacks, Astra Bank recommends the following tips to help businesses and employees avoid business email compromise attacks:

• Educate your employees. You and your employees are the first line of defense against business email compromise. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
• Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected iInternet connections. Encrypt sensitive data and keep updated your anti-virus protection updates on your computer at all times. You should also be using complex passwords (a combination of letters, numbers and special characters) and change them periodically.
• Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers, or alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.
• Be wary of sudden changes in business practices or contacts. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through a known, official and previously used correspondence as the request could be fraudulent.
• Be wary of requests marked “urgent” or “confidential. Fraudsters will often instill a sense of urgency, fear or secrecy to compel the employee to facilitate the request without consulting others. Again, use an alternative communication channel outside of email to confirm the request.
• Partner with your bank to prevent unauthorized transactions. Talk to your Astra Bank-er about programs that safeguard you from unauthorized transactions such as call backs, device authentication and multi-person approval processes.

For more tips, see the Federal Bureau of Investigation’s Internet Crime Complaint Center’s public service announcement.

If you fall victim to a business email compromise scam:

• Contact Astra Bank immediately to notify us of the fraudulent transfer and we will contact the institution where the fraudulent transfer was sent.
• Contact your local Federal Bureau of Investigation office as they might be able to freeze or return the funds, if notified quickly.
• File a complaint, regardless of dollar loss, at www.IC3.gov.

So be wary of these threats to your business. We know you’re not going to stop using email, but hopefully, you’ll have a deeper appreciation for the security measures that need to be in place to keep the cyber criminals out of your Inbox (and your bank account).