NCUA issued a risk alert (19-RISK-01) this week describing the increasing frequency of, and losses related to, business email compromise fraud scheme. The alert consists of a description of the attack, how to report to law enforcement, how law enforcement generally responds and ways to prevent, report and recover from business email compromise fraud.
“Credit unions can take steps to prevent this type of fraud and should report such fraud, when it occurs, to the FBI’s Internet Crime Complaint Center,” NCUA Chairman Rodney Hood notes. “Credit unions that report incidents to the Internet Crime Complaint Center promptly increase their opportunity to recover funds that have been wired under fraudulent pretenses.”
Business email compromise occurs when a criminal uses email to impersonate a legitimate business or person in order to request or access fraudulent payments. The Internet Crime Complaint Center’s goal is to quickly identify and freeze suspicious wire transfers before funds are transferred or removed from a suspect’s account.
Credit unions can take the following steps to help prevent business email compromise fraud:
More self-protection strategies are outlined in Department of Justice’s “Best Practices for Victim Response and Reporting of Cyber Incidents.”