NCUA Risk Alert: Business Email Compromise Fraud

Monday, the NCUA issued an alert that describes the increasing frequency of, and losses related to, business email compromise fraud schemes. Credit unions can take steps to prevent this type of fraud and should report such fraud, when it occurs, to the FBI’s Internet Crime Complaint Center. Credit unions that report incidents to the Internet Crime Complaint Center promptly increase their opportunity to recover funds that have been wired under fraudulent pretenses.

 Business Email Compromise

Business email compromise occurs when a criminal uses email to impersonate a legitimate business or person in order to request or access fraudulent payments. Criminals may compromise a victim’s email address or domain or use publicly available services to spoof this information.

Criminals impersonate people in a variety of industries ranging from real estate, law, religious organizations, and business vendors, and use email to initiate or redirect a wire transfer before a victim discovers the transaction. They also use social engineering, spoof business email accounts, or send fake links to further these types of schemes. They typically leverage a victim's authority to pressure a target into acting quickly or secretly when handling a transfer.

The FBI advises that business email compromise is a pervasive threat that can result in significant financial losses. Between October 2013 and May 2018, the FBI (in cooperation with financial, domestic, and international law enforcement partners) identified more than 78,000 incidents of domestic and international business email compromise.

 Click here to read the agency’s full alert.