- Business email compromise (BEC) scams are impacting organizations across the U.S. The latest scam, which the Identity Theft Resource Center (ITRC) continues to see, is a business invoice phishing email that asks employees to download a fake business invoice.
- The emails, sent from spoofed email accounts, include a fake and malicious invoice that, if clicked on, could lead to malware, ransomware or stolen personal information.
- BEC scams continue to rise. According to the FBI’s latest Internet Crime Report (IC3), in 2020, the IC3 received 19,369 BEC complaints with adjusted losses of more than $1.8 billion.
- To avoid these scams, you should ignore emails you are not expecting, never click on any unknown links and reach out directly to the person the email claims to come from to verify the validity of the message if needed.
- If anyone believes they are a victim of a business invoice phishing email scam or wants to learn more about fake business invoices or BEC scams, they can contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.
Business email compromise (BEC) scams continue to rise. The latest variation is the business invoice phishing email, an update of an old scam that traditionally relied on faxed or mailed invoices. According to the FBI’s latest Internet Crime Report (IC3), in 2020, the IC3 received 19,369 BEC complaints with adjusted losses of over $1.8 billion. While BEC scams have been around for years, they have evolved to include compromises of personal emails, vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector and fraudulent requests for large amounts of gift cards.
The Identity Theft Resource Center (ITRC) has seen an increase in a handful of BEC scams, including business invoice phishing emails. The organization sees more emails weekly where a business executive’s email is spoofed and used in a phishing scheme to steal people’s personal information.
Who Are the Targets?
Business executives; employees; email users
What is the Scam?
Threat actors spoof company email accounts and impersonate executives to try to get an employee to click on a link or attachment. In this particular business invoice phishing email, the message appears to come from an executive and has an “invoice” attached. However, the invoice is fake.
What They Want
If someone clicks on the fake business invoice, it could lead to malware, a ransomware attack or stolen personal information and login credentials, which could be used to commit an array of identity crimes.
How to Avoid Being Scammed
- If you receive an email with an attached invoice from a business executive you are not expecting, do not respond. Instead, reach out to the executive directly to see whether or not they sent the message.
- Look for misspellings in the email. Sometimes scammers will alter a letter in the sender’s email address, hoping you do not notice.
- If you receive a business invoice phishing email, report it. You can report it to the Federal Trade Commission at www.ftc.gov/complaint.
- Companies should train their employees on how to spot phishing attacks, like ones that include a fake business invoice. Employees should know what to look out for, what to avoid and the latest BEC scams making the rounds.
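For mail administrators, the altered-letter check from the list above can be automated. The following is an added example, not ITRC code; the domain `example.com`, the executive name and the sample messages are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"   # assumption: the organization's real mail domain
EXECUTIVES = {"dana reyes"}      # assumption: constructed executive display name
MAX_EDITS = 1                    # "alter a letter" = one character changed

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_sender(msg):
    """Return a list of reasons this message deserves a second look."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Exact-domain spoofing is out of scope; this only catches altered addresses.
    if domain == TRUSTED_DOMAIN:
        return []
    findings = []
    if edit_distance(domain, TRUSTED_DOMAIN) <= MAX_EDITS:
        findings.append("lookalike-domain")
    if name.strip().lower() in EXECUTIVES:
        findings.append("executive-name-on-outside-address")
    # An invoice attachment only matters once the sender already looks wrong.
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if findings and any("invoice" in n for n in names):
        findings.append("invoice-attachment")
    return findings

def sample(from_header):
    """Build a constructed test message with an attachment named like an invoice."""
    m = EmailMessage()
    m["From"] = from_header
    m["Subject"] = "Invoice attached"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="Invoice_0001.pdf")
    return m

if __name__ == "__main__":
    for sender in ("Dana Reyes <dana.reyes@example.com>",
                   "Dana Reyes <dana.reyes@examp1e.com>",
                   "Dana Reyes <dana.reyes@mail.test>"):
        print(sender, "->", review_sender(sample(sender)))
```

A flagged message still calls for the step in the first bullet: confirm with the executive directly before opening the attachment.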
To learn more about fake business invoices or BEC scams, or if you believe you were the victim of a phony business invoice phishing email, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.