
BEC is an abbreviation for business email compromise. This often begins with fraudsters gaining access to a login for an email account at a company. From here, they can gather information, see who has authority over what, who administers invoices and even, for example, what tone is used within the company. All information is compiled to stage a fraud attempt that usually aims to obtain sensitive information or manipulate payment details.

The fraudster enters the system

Like so many other methods, BEC fraud also begins with some form of social engineering where an employee is tricked into, for example, clicking on a link. It could be a phishing email that appears to come from Office365, Google or Apple where the recipient is deceived into giving away their login credentials.

"A multi-billion fraud can often begin with a simple phishing email where the recipient is asked to update their login credentials. Once the fraudsters are in the system, anything can happen. Make sure to activate two-factor authentication wherever you can, to protect your accounts," says Amalia Krantz, fraud expert at Nordea.


With a little truth, the social engineering becomes harder to spot

Information is key to a credible fraud attempt, and fraudsters gather as much of it as they can before they act. A completely fabricated invoice can easily be dismissed, but if they instead hijack a real invoice and change the account number it should be paid to, the fraud is much harder to detect.

"Making small adjustments to genuine information instead of fabricating completely new content is an increasingly common approach. This could involve changing a recipient account, a salary account or some other payment detail."

The fraudsters can stage their fraud attempt from genuine email addresses that they have breached, or they create their own addresses that are very similar to the addresses they want to pretend to send from.
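One way to screen for the two tactics described above (a changed account number on an otherwise genuine invoice, and a sender address that closely resembles a real one) before a payment is approved. This is an added example, not part of the original article; the vendor domain, account numbers and function names are constructed for illustration.

```python
# Constructed vendor master data: sender domain -> account number on file.
VENDOR_MASTER = {"nordic-supplies.example": "SE0000000000000000000001"}

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def review_request(sender, account, vendors=VENDOR_MASTER, max_distance=2):
    """Return the reasons a payment request needs call-back verification."""
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    account = account.replace(" ", "").upper()
    reasons = []
    matched = domain if domain in vendors else None
    if matched is None:
        # Not a known vendor domain: is it a near miss of one?
        nearest = min(vendors, key=lambda d: edit_distance(domain, d), default=None)
        if nearest is not None and edit_distance(domain, nearest) <= max_distance:
            reasons.append(f"sender domain resembles {nearest}")
            matched = nearest
        else:
            reasons.append("unknown sender domain")
    # A genuine (possibly breached) mailbox passes the domain check,
    # so the account on the request is always compared with the record.
    if matched is not None and account != vendors[matched]:
        reasons.append("account differs from vendor record")
    return reasons

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("billing@nordic-supplies.example", "SE00 0000 0000 0000 0000 0001"),
        ("billing@nordic-supplies.example", "SE00 0000 0000 0000 0000 0999"),
        ("billing@nordlc-supplies.example", "SE00 0000 0000 0000 0000 0999"),
    ]
    for sender, account in samples:
        print(sender, account, review_request(sender, account) or "ok")
```

Any non-empty result is a reason to call the supplier on a number already on file, not one taken from the request itself.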

Verify and call back

A BEC fraud can affect the company from within, but it can also come through a supplier or business partner. It could be an invoice from a subcontractor that has been manipulated, and even if you haven't been targeted yourself, you are affected by this.

"An important step to protect yourself is to verify and call back. If changes are to be made to recipient accounts or payment details, don't do this based solely on a written request. Pick up the phone and call back. Verify that the recipient really has a new account number before you follow instructions."

 
