Support
  1. Key CashFlow
  2. Security
  3. Lite: Security

Protect yourself: Cybercriminals utilizing Business Email Compromise (BEC) schemes to impersonate vendors and company executives

It is increasingly common for cybercriminals to use a tactic called Business Email Compromise (BEC) to commit payments fraud. In this scheme, criminals use email systems to:

  • Impersonate an employee or executive requesting that payments be made to an illegitimate vendor or bank account
  • Impersonate an existing vendor via email to provide illegitimate bank account information for future payments.

With BEC becoming an increasing threat, we'd like to be able to help you understand this threat and warn you if we see any red flags. You will see this banner when editing a vendor's bank account:

When you see this banner, pay extra attention and validate the bank information and payment instructions before initiating payments.

To help you learn how you can protect yourself and your business from BEC losses, here are some topics to review:

3 ways to help guard against BEC

Here are some recommended best practices and Key CashFlow features designed to help you protect your business from BEC fraud losses:

  1. Watch out for impersonators: If you receive payment instructions from an employee or an executive by email, or if you receive bank account number updates to bank from a vendor by email, be sure to follow up with them or a trusted contact by phone to verify their instructions. Never rely on email alone, as it may have been compromised.
  2. Connect to vendors in the Network whenever possible: If your vendor is part of the Network, they manage their own bank account information, so you don't need to manage it within Key CashFlow.
  3. Watch for unusual payment requests: Be extra vigilant with first-time vendors. Also be wary of rushed or urgent payment requests—don’t cut any corners just to meet a deadline.

You may be liable for unauthorized or fraudulent payments originated using your customer's security credentials. Using fraud prevention best practices and processes may help protect your business and reduce the risk of loss.

Other best practices and precautions

Below are additional suggestions for protecting you and your business from BEC:

Employees

Watch for bogus email messages disguised to appear as real: Fraudsters commonly spoof legitimate email domains with ones that look similar (e.g., name@busines.com or name@business.net instead of name@business.com).

Hover over or reply to an email address to make sure it isn’t being masked as something it’s not. Be suspicious of request for secrecy or pressure to take action quickly.

Immediately report and delete unsolicited email from unknown parties.

Management

Provide basic training and advanced education for employees to recognize BEC and phishing schemes.

Be careful what you post to social media and company websites, especially job duties and descriptions, staff hierarchy information, and out-of-office details.

Make sure temporary staff covering for your payments employees understand that criminals may pose as employees or vendors to try and manipulate them.

Create intrusion detection system rules that flag emails with extensions that are similar to company email.

Register all company domains that are slightly different than the actual company domain.

What if I’ve been targeted?

If you believe you’re a victim of a BEC attack, report it to local law enforcement immediately.

If you believe that Key CashFlow has been compromised, please contact our Support team immediately.

Disclaimer

The information provided in this article is intended only to be a resource to help Key CashFlow users protect themselves against cyber fraud. It does not provide a comprehensive list of all types of cyber fraud activities, or identify all types of cybersecurity best practices. Key CashFlow does not represent or warrant that using the best practices or other recommendations contained in this article will prevent BEC or any other type of payment fraud or cyber fraud.

Account Setup View all

Connecting with my Vendors View all

Making Payments View all

Bill Management View all

Get Paid (Receivables) View all

Networking with Vendors and Customers View all

Reporting View all

Import / Export View all

QuickBooks Online View all

Xero View all

QuickBooks for Windows View all

NetSuite / Intacct View Intacct View NetSuite

    Load more

    FAQ

    How do I make a payment without creating a bill? How do I pay a bill? How do I process items from the Inbox? How do I add a vendor? How do I apply vendor credits? How do I attach a document to an offline payment? How do I add another user? When will my payment arrive? Process date vs. arrives by date How do I cancel a payment? When can I void a payment? How do I contact Key CashFlow Support?

    Can’t find your answer?

    For phone support, please contact KeyBank Commercial Banking Services at 1-800-539-9039, Option 5, Monday - Friday 8am-8pm ET.

    Chat & Email Support are available Monday - Friday, 8am-9pm ET.

    Email Support
    Message Center