A business email compromise (BEC), sometimes referred to as an email account compromise, relies on the fact that many of us use email to conduct business.
In a BEC scam, criminals send an email which may impersonate a university leader, colleague or a campus service. Some examples include:
- A university leader asks an assistant to purchase gift cards for employee rewards. They may ask for the serial numbers so the gift cards can be emailed immediately.
- A colleague asks if you’re available and asks for your cell phone number.
- An invoice scam where the email impersonates a vendor and requests an update to their mailing address.
In all of these cases, the criminal has spoofed an email address using a slight variation to fool victims into believing the email is legitimate.
Here is an example:
Recognizing BEC email
You can recognize a BEC email by some of the classic signs of a phishing email (Source: it.wisc.edu):
- The displayed name in the email From: line is someone you know but the sending address is from a free email service, often including wisc.edu in the account name (eg. bucky.badger-wisc.edu@gmail.com).
- The tone of the email conveys a sense of urgency.
- It contains a request for your cell phone number, so the impersonator can shift from email to SMS text messages.
Here is an example:
What to do if you receive a BEC email message
If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (Source: kb.wisc.edu) and ask for advice.
To report a phishing email received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center.
If you do not see the “Report Phishing” button, then forward the message as an attachment (Source: KB 34567) to abuse@wisc.edu.
For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).
What to do if you replied to a BEC email message
If you or someone you know replied to such a message resulting in the loss of funds, report it to:
- Cybersecurity Operations Center (CSOC) at cybersecurity@cio.wisc.edu
- Departmental leadership
- Departmental finance team (if there was a loss of university funds)
- The UW-Madison Police Department (if there was a loss of personal funds)
- Relevant banking institution
- The FBI at https://www.ic3.gov/
Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).
Tips for leadership
Help protect the university and the people in your team, department, unit or division from BEC email scams. Establish ahead of time how:
- Purchases are to be made and by whom
- You will normally communicate, e.g., only from your @wisc.edu email
- Requests can be verified and by whom