More than 150 official reports on Business E-mail Compromise Fraud instances have been filed since 2016 with the Romanian Police, according to a press statement released by the Romanian General Police Inspectorate (IGPR) on Sunday.
According to IGPR, the global outbreak of this type of fraud has generated documented losses in excess of 6 billion US dollars in2016-2017, recorded in over 40,000 such incidents.
IGPR says the Business Compromise Fraud – “BEC Fraud” is a complex fraud targeting commercial companies that work with foreign suppliers or customers (foreign trade activities) and regularly make payments through bank transfers.
The IGPR caseload shows that commercial companies carrying out business activities in Romania (of a Romanian legal personality) have been the victims in most cases, in that they sent money to accounts other than the legal ones of the external suppliers.
The same analysis showsthat, in almost all the reported cases, the compromise of the computer systems, namely of the e-mail address, took place at the foreign commercial companies which were conducting business relations with Romanian ones.
“Most victims reported using online transfers as their current method of payment to external suppliers or business partners, based on a previous business relationship and good faith in business practice.”
According to IGPR, the defrauded Romanian companies do not have a specific object of business, and their common element is the fact that they all carry out foreign trade activities and make current payments abroad.
IGPR recommends caution regarding sudden changes in previously established business practices with trading partners, especially e-mail accounts, bank accounts and payment currencies, as well as the country where the accounts are opened.
At the same time, IGPR recommends phone check of the supplier or customer by dialling a previously held and tested phone number to see whether or not the requested changes in the e-mail are real. Increased attention is also needed to online posting, particularly in the social media area and on the company’s website, of detailed information on the hierarchy of people working in the company, their duties as well as bank accounts and full details and the means of communication used.