News broke today that BEC scammers have responded to the flurry of attention their practices received in 2018 by moving towards a different tactic: impersonating an employee and sending the HR department a fraudulent request to change that employee's bank account details.

Corin Imai, Senior Security Advisor at DomainTools:

“As public awareness of BEC scams has grown in the past year, it is only natural for scammers to pivot towards a different entry point. While HR departments have always been a highly valued target for fraudsters due to the readily accessible PII and financial details, diverting funds by pretending to be an employee is a relatively new tactic, which makes sense; employees changing bank accounts is a relatively common occurrence, and making sure people get paid is a top priority for any HR department, which may lead them to overlook tell-tale signs of a fraudulent email. The advice remains the same when it comes to BEC fraud: Check with the individual involved and follow organisational protocol. It’s better to be slightly later in paying than to willingly pay a criminal. Don’t let yourself become the human vulnerability!”
