Please upgrade your browser.

We’ll stop supporting this version of your browser soon. Upgrade now to protect your accounts and enjoy a better experience. See your choices.

Please upgrade your browser.

While Microsoft Internet Explorer® 11 meets our minimum browser requirements you may want to upgrade now to protect your accounts and enjoy a better experience. See your options and get help downloading a new browser.

Close

We’ve signed you out of your account.

You’ve successfully signed out

We’ve enhanced our platform for chase.com. For a better experience, download the Chase app for your iPhone or Android. Or, go to System Requirements from your laptop or desktop.

Chase Dealer Services - Setting the Pace Newsletter

   

 

News & Stories

Thieves Grab Millions Through Business Email Compromise

Los Angeles Deputy District Attorney warns auto dealers of this growing cyber crime

Today’s cyber criminals have identified the weakest link—and it’s not a flaw in your computer system.  It is human beings.

They’ve found that people provide the easiest point of entry into our companies.  And they’re using that against us through business email compromise.

Business email compromise (BEC) costs businesses more than $500 million annually in Los Angeles County alone, according to William Pfaff, Deputy District Attorney.

It’s difficult to trace and prosecute making it a low risk crime, Pfaff recently shared with local auto dealers at a Chase Auto event.

BEC is deceptively simple—here’s how it happens

Social engineering is at the core of BEC.

Typically, a criminal will impersonate a key person in the company, such as a general manager or chief financial officer, and send a fraudulent email to an employee with a straightforward request.

The employee, believing the email is legitimate, takes the action requested, most often wiring funds to another account.

“These guys do their research, targeting companies that regularly transfer funds. Then they’ll find the boss and the employee who fit the bill,” says Pfaff.  “They’ll wait until the boss is on vacation—using social media for clues—and send the message.”

The employee typically doesn’t want to question the directive, so they’ll comply.  And within minutes the funds are lost.

Tips to prevent BEC

Pfaff recommends four easy ways to ward off BEC:

1) Be careful with your own internet footprint and encourage your employees to think about what they’re sharing online about their roles at work and their personal lives.

2) Be sure your team knows to be wary of emails with instructions to do something—especially if the instructions come from someone senior who they don’t typically hear from.

3) Use a multi-factor authentication approach and implement a process with your employees that requires a voice confirmation before funds are transferred. A simple phone call goes a long way toward adding security.

4) If your business is victimized, contact your bank and local law enforcement immediately.  It will increase the likelihood of recovering funds and of a successful investigation and prosecution.

This is for informational purposes only and not intended for distribution or as business, tax or legal advice.