- Confirm the source and instructions of any monetary transaction received via email through a separate means of communication, such as a phone call. Replies to the email are not an effective verification method as they could be sent to the threat actor.
- While an email may appear to come from a known and trusted account, that account may have been compromised. Verify all requests for the transfer of money.
- Do not submit your credentials (username and password) to websites with URLs unassociated with an official organization or business.
- If you act on a financial BEC scam, notify your supervisor and banking institution immediately to attempt to disrupt the transfer of funds.
- Create a policy and procedure for identifying and reporting BEC emails, including periodic employee awareness training.
- Establish policies and procedures that require any requests for highly sensitive information or large financial transactions to be authorized and approved by multiple individuals via a secondary means of communication beyond email.
- Review the "Don’t Be Fooled: Ways to Prevent BEC Victimization" NJCCIC Informational Report for additional information.
