BECareful Who Is Requesting Payment or Your Password

July 5, 2022

By Tokio Marine HCC – Cyber & Professional Lines Group

A clinic office manager received an email from one of her clinic’s physicians requesting that she wire funds to a specified account. The office manager wired the requested funds. When the physician called shortly afterward, the office manager asked whether he had received the wired funds, and the physician advised that he had not submitted any such request. Upon investigation, they discovered the office manager had been tricked by a hacker who created an email address nearly identical to the physician’s.

This type of incident happens far too often and is called Business Email Compromise (BEC). We’ve seen it with individual physician offices and large hospital systems. No one is immune to becoming a victim of these attacks. 

BEC occurs when criminals gain access to a team member’s email account or impersonate a business contact to trick the team member into wiring or transferring money to a bank account the criminal controls. Most often, the impacts of BEC are reflected in misdirected payment fraud or funds transfer fraud. According to FBI statistics, BEC resulted in losses totaling $1.8 billion in 2020 alone.[1]

What to do if this happens to you

What happens if you have been a victim of BEC? Here are some quick actions to take if you think this might have happened to you:

  • Contact your bank and initiate a recall on the fraudulent wire transfer/ACH.
  • Contact your bank’s fraud department immediately—the chances of recovering lost funds are much higher when the recipient bank is alerted of potential fraud within a couple days of the transfer.
  • Report the claim by signing in or registering at ConstellationMutual.com. Click the Report Medical or Cyber Incident/Claim button on the top of the page and submit the form.

Best practices to protect your organization from BEC

The good news is that you can implement best practices to help protect your organization:

  • Implement multi-factor authentication (MFA) on all email accounts. While nothing is 100% failsafe, implementing MFA can help prevent criminals from accessing team member email accounts in the event credentials are stolen. In case this term isn’t familiar to you, MFA is a secondary method of verifying that you are who you say you are. The secondary method is typically a PIN or code delivered to your smartphone by an authenticator app, a text message or an email, which you must enter before being granted access to your system.
  • Always verify any request to change wire or invoice payment instructions by phone with the person who is making the request. Assume that all changes to payment instructions and urgent requests to wire funds are fraudulent until verified for authenticity.
  • Train employees to NEVER click on a link or open an attachment in an unverified email, even if the URL may contain a seemingly familiar website. Teaching employees to STAY ALERT for phishing emails is critical.
  • Be suspicious of new email addresses seemingly associated with known contacts, especially those that come from free, web-based email providers, such as Gmail.
  • Use email filtering to prevent malicious emails from landing in your team members’ inboxes.
  • Deploy next-generation endpoint detection and response (EDR) to help detect and stop the spread of malware. Unlike legacy antivirus software, EDR continuously monitors endpoints and collects data from them that indicates whether or not there is a threat. This enables you or your security team to quickly identify and respond to malware.

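The clinic story above and the advice to be suspicious of new or free-webmail addresses that resemble a known contact both come down to one check: does the sender address actually match the contact it claims to be? The script below is an added illustration written for this page, not code from the article or from Tokio Marine HCC. The contact list, the trusted domain, the free-webmail domain list and the sample From: headers are all constructed; it flags display-name spoofing, known names on free webmail domains, and look-alike domains within a small edit distance after mapping common character substitutions.

```python
"""Flag look-alike sender addresses of the kind used in BEC.

Added example for this article; contacts, domains and headers are constructed.
"""
from email.utils import parseaddr

# Constructed list of known-good contacts: display name -> address.
TRUSTED_CONTACTS = {
    "Dr. Jane Smith": "jsmith@northclinic.example",
    "Accounts Payable": "ap@northclinic.example",
}
TRUSTED_ADDRESSES = {a.lower() for a in TRUSTED_CONTACTS.values()}
TRUSTED_DOMAINS = {a.split("@", 1)[1] for a in TRUSTED_ADDRESSES}

# Constructed sample of free webmail domains (the article names Gmail).
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Digit-for-letter substitutions commonly seen in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})


def normalize(s: str) -> str:
    """Lower-case, map digit look-alikes to letters, and collapse 'rn' to 'm'."""
    return s.lower().translate(HOMOGLYPHS).replace("rn", "m")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are domain-length strings, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> list:
    """Return the reasons a From: header looks like impersonation ([] if none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.split("@", 1)[1]
    reasons = []

    # 1. Exactly a trusted address: nothing to flag.
    if addr in TRUSTED_ADDRESSES:
        return reasons

    # 2. Known display name but a different address (display-name spoofing).
    known_addr = TRUSTED_CONTACTS.get(name)
    if known_addr and known_addr.lower() != addr:
        reasons.append(f"display name '{name}' is known, but address is {addr}, expected {known_addr}")

    # 3. A known contact's name on a free webmail domain.
    if domain in FREE_MAIL_DOMAINS and name in TRUSTED_CONTACTS:
        reasons.append(f"known contact name on free webmail domain {domain}")

    # 4. Domain within two edits of a trusted domain after homoglyph
    #    normalization, e.g. northc1inic.example vs northclinic.example.
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and levenshtein(normalize(domain), normalize(trusted)) <= 2:
            reasons.append(f"domain {domain} resembles trusted domain {trusted}")

    return reasons


if __name__ == "__main__":
    # Constructed sample headers: one genuine, three impersonation attempts.
    for header in [
        "Dr. Jane Smith <jsmith@northclinic.example>",
        "Dr. Jane Smith <jsmith@northc1inic.example>",
        "Dr. Jane Smith <drjanesmith@gmail.com>",
        "Accounts Payable <ap@northclinic-example.com>",
    ]:
        print(header, "->", classify_sender(header) or "OK")
```

A mail filter would apply the same logic to the Reply-To header as well, since the visible From: line can be genuine while replies are steered elsewhere; and no amount of filtering replaces the phone call back to the requester on a number you already have.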
How to access Tokio Marine HCC CyberNET® resources

MMIC, UMIA, Arkansas Mutual and MMIC RRG policyholders have complimentary access to Tokio Marine HCC CyberNET®, the most advanced cyber risk management solution addressing the latest trends in data breaches and cybercrime, including best practices to protect against BEC.

To find best practices and resources to mitigate cyber incidents, sign in or register for MyAccount at ConstellationMutual.com and navigate to Cyber Prevention found in the featured content section on Risk Resources.

MMIC®, UMIA® and Constellation® are trademarks of Constellation, Inc.

References

  1. Source: FBI 2020 IC3 Report
