Our Houston Financial Centers are temporarily closed due to the recent severe weather. We apologize for any inconvenience. In the meantime, our online banking platform and mobile apps allow you access to everyday banking services.

ALERT: Understanding and Detecting Business Email Compromises

Published on Oct 18, 2023

The Texas Capital Fraud Investigations team has recently seen a rise in Business Email Compromises (BEC) targeting and affecting our business clients. We have provided the information below to increase awareness and share actions to take if our clients report they suspect they have been targeted.

In a typical BEC cyberattack, the cybercriminal sends an employee, or employees of a target organization, emails that appear to be from a legitimate vendor, customer, employee or associate. The cybercriminal usually attaches or includes fake invoices along with claims that a change in the bank account and/or contact information has occurred. This is usually followed by a request for the targeted organization to update their records and/or pay the invoice. Once the targeted organization completes the request to change the bank account and/or contact information, the cybercriminal is more likely to successfully deceive the organization into paying the fraudulent invoice and, in turn, sending funds to the cybercriminal(s).

Fraudsters commonly use pretexting and social engineering techniques, such as email address spoofing, to further convince the recipient that these attack emails are legitimate. Cybercriminals sometimes hack into an organization’s network and/or employees’ email accounts to observe common tones, language or styling of normal, everyday correspondence in an attempt to make attack emails seem similar to legitimate email messages.1

Here are some risk mitigation strategies that are recommended:

  • Carefully examine the email address, URL and spelling used in correspondence.
  • Verify payment and purchase requests in person or by calling the person at a known phone number to make sure the request is legitimate.
  • Verify any change in account or payment procedures with the person making the request by a known phone number on file.
  • Do not use the contact information provided in the emails, even if the requestor claims their number has changed.
  • Escalate any concerns if the payment change is suspicious - even after performing the callback.
  • Be cautious if the vendor offers vague reasons for changing or updating new account or contact information.
  • Avoid clicking on links or attachments in emails from unknown senders.2

If you feel that your email has been compromised or have any questions, please contact Texas Capital via secure message inside the online banking portal or call us at 877.839.2265, option 3, then option 2. For more details about Business Email Compromises and other fraud scams, you can visit our Privacy & Security Center.

 

References:

  1. IBM. What is a Business Email Compromise (BEC)?
  2. efraudprevention.net. Email Compromise Fraud scheme