11.6.2024 02:00

Bank warns of new type of scam

There has been a significant rise in Business Email Compromise scams.

Nordea bank warns of an increase in phishing and other scams in Finland. One of the fastest-growing types of scam is Business Email Compromise (BEC).

“BEC is an advanced kind of scam where frauds use genuine business-to-business invoices and orders. A BEC scam typically begins with criminals hacking a company’s email system,” Nordea says in a recent press release.

The targets of this kind of scam are often rank-and-file company employees. To hack email, criminals use employees’ login credentials, which they try to get through phishing.

“When they get credentials, scammers monitor a company’s email traffic and try to identify ongoing transactions and invoicing or payment processes. When the scammers have monitored a company’s external and internal communications for long enough, they embed themselves in the email at just the right moment,” says Annukka Multanen, a fraud combat expert at Nordea.

“Almost identical address”

Scams often begin with simple phishing emails which ask the recipient to update their username and password. Generally, an employee is fooled into clicking a link and thus providing their credentials. Phishing can happen via scam emails which appear to come from a familiar company such as Microsoft, Google or Apple.

To make use of the email, fraudsters create a fake email address which is almost identical to the service provider’s email address.

“The error is so small that it goes unnoticed. Scammers send an email from their fake email address to the finance department where they ask them to update their payment details with a new bank account number. They may say the reason is something like an internal review at the provider,” Multanen says.

The finance department may assume it has received the email from a trusted partner of the company and make the payment to a new account. As a result, they pay the money directly into the scammers’ account.

Nina Luomanen, Head of Business Banking at Nordea, says that criminals who scam businesses could potentially get their hands on significant sums of money.

“Companies can improve their defences by combining technological data security solutions with education and clear internal procedures. Anticipation is key, not only for securing the company’s property, but also for retaining partners’ and customers’ trust.”

How to protect yourself

Nordea recommends companies take the following steps.

Train employees

Companies should train employees to recognize phishing emails and other scams. Employers can raise awareness through regular training and tests.

Use 2FA

Nordea recommends businesses use two-factor authentication (2FA), at least for the purpose of protecting user accounts. 2FA should also be used when the company wants to secure changes to payment details and the confirmation of large transactions.

Use email encryption

Use advanced email encryption systems which detect and flag suspicious activities. Such activity could include email addresses which differ slightly from familiar contacts.
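
The check described above, flagging sender addresses which differ slightly from familiar contacts, could look like the following. This is an added example, not code from Nordea or from this article; the contact list, the confusable-character map and the distance threshold are constructed assumptions.

```python
import unicodedata

# Constructed sample data: trusted counterparties on placeholder domains.
KNOWN_CONTACTS = ["invoices@supplier.example", "billing@nordic-parts.example"]

# Small illustrative map of visually confusable characters (not exhaustive):
# digits 0 and 1, plus Cyrillic a, e, o and i that render like Latin letters.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",
})


def skeleton(address: str) -> str:
    """Fold an address so that common visual substitutions collapse."""
    folded = unicodedata.normalize("NFKC", address).strip().lower()
    return folded.translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, known=KNOWN_CONTACTS, max_distance: int = 2):
    """Return (verdict, matched_contact): 'known', 'lookalike' or 'unknown'."""
    raw = address.strip().lower()
    if raw in known:
        return ("known", raw)
    for contact in known:
        # Not an exact match, yet within a few edits of a trusted address once
        # confusable characters are folded: flag it for manual verification.
        if edit_distance(skeleton(raw), skeleton(contact)) <= max_distance:
            return ("lookalike", contact)
    return ("unknown", None)
```

A "lookalike" verdict is a reason to confirm the request through a channel other than email before changing any payment details; an "unknown" verdict says nothing about whether the sender is legitimate.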

Step up internal data protection practices

Draw up clear protocols for the internal distribution of sensitive data and for processing payment requests.


Pauli Reinikainen