AUGUSTA, Ga. (WJBF) – A common workplace phishing scam, known as a business email compromise (BEC), makes you think someone from work needs your help.
In 2019, the FBI Internet Crime Complaint Center received just under 24 thousand reported BEC incidents, totaling over $1.7 billion in losses.
Dr. James Smith, assistant professor at Augusta University’s School of Computer and Cyber Sciences, says there are three main characteristics to this type of scam.
1. The request feels out of the ordinary
Dr. Smith advises people to ask themselves if the request seems abnormal. Consider whether the message has a tone you would expect from the person the e-mail appears to be from. He says one can also consider it a red flag if the person claims to be an internal employee, but the e-mail is flagged as coming from outside the organization.
“Is the request that’s being asked one you would perform during your normal duties? And finally, does it follow the normal organizational procedures as you understand them?” Dr. Smith said.
For example, if the request is to pay an invoice to a company or vendor, ask yourself whether your duties include paying invoices, and whether this is the protocol you follow to fulfill invoice payments.
2. Requests something of value
“There’s always a call to action. It may be a wire transfer of money out of the company, an invoice payment, a request to change direct deposit information on an employee’s payroll,” Dr. Smith said.
A common BEC request is for gift cards said to be a surprise for an office party. A scammer may not ask for something monetary, but there will always be a request for something of value, like passwords or personal information.
3. Sense of urgency
Dr. Smith says scammers strategically portray a sense of urgency in their requests, so the employee feels they can’t take time to think before they act.
“They [employees] want to impress their superiors, so there’s an eagerness when you get a request from them to want to get the job done,” Dr. Smith said.
What should you do if you’ve received a request with these characteristics?
Dr. Smith says the most important thing an employee can do is slow down and think through the request.
“Try to reach out to the superior or the employee the message reports to be from. If it’s an email, call them at their office, call them on their cellphone, send a text. Try to get it verified,” Dr. Smith said.
And he says workplaces should aim to provide an environment of open communication where employees feel comfortable verifying and denying requests of this nature.
“Organizations should also empower employees to say no. If a request is abnormal, it doesn’t follow normal procedures, or something is just strange about it, employees should be told that the right thing to do is to be skeptical,” Dr. Smith said.