Business fraud, especially fraud via email, is becoming more sophisticated, with the aim of stealing information and exploiting businesses financially. It is also becoming harder to identify and prepare for, because fraudsters make subtle changes in the exchange of information or take advantage of a business's internal vulnerabilities.
 

To reduce the risk of losing data and information and of suffering financial damage, businesses need to fully understand the safety methods described in this article.


What is fraud via business email?


Fraud via business email is a form of spear phishing attack. Fraudsters either use spoofed email or hack into your internal or partner's email accounts, enabling them to carry out these actions:

  • Making fake payment requests
  • Changing the payment address
  • Leaking important information
  • Spreading links that contain malware to steal personal and business information

 


How to identify the signs:

  • Unusual requests via email for personal identification details (such as identity papers, employee ID number, login address, password, ...)
  • Sudden requests for advance payment or for a change of payment address
  • An urgent tone of voice when making requests on important matters such as invoice payments, or even threats of production delays
  • Emails with a generic opening statement, for instance “Dear customer”
  • Unknown links, documents or data attached, or requests to log in or register through unverified websites

 


Examples of fraud via business email

 

Example 1 - Fake email address:

Fraudsters impersonate your partners (contractors, suppliers, creditors or senior executive board members), using an email address that differs slightly from the original one.
In particular, they add or remove characters, or use look-alike characters. See the examples below:

| Original email address | Fake email address | Fraud method |
|---|---|---|
| nguyen.van.a@congty.com | nguyen.van.a@congtyy.com | Fraudsters add another “y” to the original email address to avoid detection |
| lan@mail.com (with a lowercase L) | Ian@mail.com (with a capital i) | Fraudsters use a look-alike character |

Using the fraudulent email address, the fraudsters go on to send requests to the business’s payment department, demanding that overdue amounts be paid to a new account provided by the fraudsters.

 

Example 2 – Illegally breaking into business email and changing payment address:

Fraudsters gain unauthorized access to the business's or partner's email with the intention of altering or falsifying payment information and redirecting funds to a new account that they control.

This can be done with malware, delivered by sending unverified links, documents and data to internal email addresses. When an internal user accidentally opens one of them, the malware spreads and allows the fraudsters to take over the account.

 


Consequences for businesses

Businesses may suffer damage in several respects, such as:

  • Financial loss due to following fake/false payment information
  • Loss of information, data, and internal documents (especially confidential and top-secret information), affecting business production, plans and activities
  • Becoming an indirect source that spreads malware further to customers and partners
  • Being impersonated to carry out illegal activities that harm the reputation and image of the business

 


How to prevent fraud via business email

Double-check email addresses, URLs and spelling:

When exchanging information via email with your partner, be cautious of any unusual payment requests. Always carefully verify the email address and the payment details provided. Please ensure that the email address matches exactly the email address in your records.
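The exact-match check described above can be automated against an address book. The following Python code is an added example, not part of the original article; the function names, the look-alike character map and the one-edit threshold are assumptions, and the sample records are the two original addresses from the table in Example 1.

```python
# Added example: compare a sender address with the addresses on record.
# Constructed sample records (taken from the table in Example 1).
RECORDS = ["nguyen.van.a@congty.com", "lan@mail.com"]

# Assumed map of characters that are easily mistaken for one another.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})


def skeleton(addr):
    """Fold look-alike characters so 'Ian' (capital i) and 'lan' compare equal."""
    return addr.translate(CONFUSABLE).lower()


def edit_distance(a, b):
    """Levenshtein distance: characters added, removed or swapped."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # character removed
                           cur[j - 1] + 1,             # character added
                           prev[j - 1] + (ca != cb)))  # character swapped
        prev = cur
    return prev[-1]


def check_sender(sender, records, max_edits=1):
    """Return (verdict, matching record) for a sender address."""
    if sender in records:
        return ("match", sender)
    # Same appearance, different characters: look-alike substitution.
    for known in records:
        if skeleton(sender) == skeleton(known):
            return ("lookalike-character", known)
    # Almost identical: a character was added, removed or changed.
    for known in records:
        if edit_distance(sender.lower(), known.lower()) <= max_edits:
            return ("near-match", known)
    return ("unknown", None)


if __name__ == "__main__":
    for addr in ["nguyen.van.a@congty.com", "nguyen.van.a@congtyy.com",
                 "Ian@mail.com", "someone@example.org"]:
        print(addr, "->", check_sender(addr, RECORDS))
```

Any verdict other than "match" is a reason to confirm the request with the partner by phone before acting on it.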
 

Stay alert to any changes in payment information from partners:

Make sure to confirm or discuss any changes in payment details with your partner (such as the director or project manager) by phone or through direct communication. Take the initiative to research and verify contact information, and call your partner directly to ensure the accuracy of all requests.
 

Avoid clicking on suspicious links or downloading unverified documents:

Do not click on unfamiliar links or download attachments in emails, messages, or any other online content. If you have doubts, report it to the relevant department to prevent any potential risks. 
 

Be careful with urgent requests:


Be wary of urgent emails or those that intentionally create pressure to take immediate action. Before proceeding with any transactions or contacting your partner, thoroughly review all essential information and consider confirming it directly.

 

If you require assistance, please contact: