As we embark on the holiday season, beware of text and email phishing scams. Before you click on a text or email link coming from us with an urgent message, contact your banker or call Customer Service (800-287-0301) to confirm.  

You have safely signed out. Thank you for banking with Amegy Bank.

Your session expired and you have been signed out for your safety.

FRAUD PREVENTION

Business Email Compromise

Learn how you can help safeguard your business from fraudulent emails that can trick employees into sending money or sharing company information.

How are you safeguarding your business against malicious emails?

Being knowledgeable about security is the best deterrent against fraud. Consider these tips on identifying and avoiding complex email scams targeting businesses today.  


Five types of Business Email Compromise to watch out for:

  • CEO Impersonation: A fraudster impersonates a CEO, CFO, or another executive of a company by creating a fake email address that often looks legitimate or by hacking a real user’s account. Using this email address, they ask an employee to transfer funds to a bank account controlled by the fraudster.
  • Account Compromise: An employee of a company has their email address compromised. The account is then used to request, initiate, or authorize the transfer of funds to a bank account controlled by the fraudster.
  • False Invoice Scheme: A fraudster pretends to be a supplier by compromising the supplier’s email system or sending a spoofed email on behalf of a supplier. They use the account to request fraudulent payments or change payment instructions.
  • Attorney Impersonation: A fraudster claims to be an attorney and issues a fraudulent request warning of the consequences of noncompliance, including the prospect of litigation. Employees at lower levels are commonly targeted with this scheme.
  • W-2 Form and Other Data Theft: A fraudster targets a company’s HR department to obtain an employee’s W-2 tax form or other personally identifiable information, which can then be leveraged in a future attack. Executives are frequently targeted in this type of scheme.


Although these are commonly used schemes, fraudsters use many tactics. This is not an exhaustive list of all BEC scams one might encounter. 



How to identify Business Email Compromise

Spotting BEC scams before losses are incurred can be as simple as knowing what to look for. Malicious emails may often contain strange phrases, syntax, fonts, date formats, misspellings in the domain or name of the purported sender. The FBI outlined a few indicators that should draw suspicion:

  • Unexplained urgency.
  • Last-minute changes in payment instructions or recipient account information.
  • Last-minute changes in established communication platforms or email account addresses.
  • Communications only in email and refusal to communicate via telephone or online voice or video platforms.
  • Requests for advance payment of services when not previously required.
  • Requests from employees to change direct deposit information.
  • Strange requests to do something outside of the approved policy or procedure. 

Best Practices to Consider

Help combat email compromise scams by becoming familiar with the various tactics and taking precautions before and after you receive payment requests. 

Create company policies: 

  • Contact the sender to verify they sent the email 
  • Validate payment instructions with the details you have on file 
  • Implement multiple approvals for large remittance amounts 
  • Establish approval protocols when executives initiate a transaction 
  • Set checks and balances 

Ensure employees understand how to decipher fraudulent emails and URLS. 

  • Do all the details in the email match what you have on file? 

Supply employees with instructions if they suspect or experience fraud.

  • It’s important to act quickly. If your business is targeted, remember to alert your IT department and Amegy Bank immediately, and file a complaint with the FBI Internet Crime Complaint Center (IC3)

Integrate prevention strategies with a combination of technical and non-technical security controls.  

  • Build in system controls within the IT portion of your business to map existing workflows for ACH and wire payments. Identify weaknesses that could expose you to risk. 

Before your business receives a payment request:

Implement a dual approval requirement and limit the number of people who have authority to send money.

Establish intrusion detection rules that flag emails from addresses with domain names similar to the company’s domain name and where the reply address is different from the email address shown.

Utilize callback thresholds for monetary transactions.

Avoid sharing confidential information before confirming you are communicating with a trusted source.

Work with vendors on a secure process to receive and verify payment instructions.

After your business receives a payment request:

Perform a callback to a known client number (not the number in the request).

Carefully review all email requests, especially if they provide new payment instructions. 

Avoid replying to suspicious emails.

Avoid clicking on links or opening attachments if you do not recognize the sender.

Exercise additional scrutiny and verify changes with a secondary sign-off if changes are made to a payment request.

  


Contact Us

Customer Service

800-287-0301

Make Appointment

Schedule an appointment

Visit a Branch

Find a location near you

Warning: you’re about to leave!

You're about to leave Amegy Bank's website and be directed to a website that is not affiliated with Zions Bancorporation, N.A. dba Amegy Bank and may have a different privacy policy and level of security. Zions Bancorporation, N.A. is not responsible for, and does not endorse or guarantee, the privacy policy, security, accuracy, or performance of the third party’s website, or the information, products, or services that are expressed or offered on that website.

Warning: you’re about to leave!

You're about to leave Amegy Bank's website and be directed to a website that is not affiliated with Zions Bancorporation, N.A. dba Amegy Bank and may have a different privacy policy and level of security. Zions Bancorporation, N.A. is not responsible for, and does not endorse or guarantee, the privacy policy, security, accuracy, or performance of the third party’s website, or the information, products, or services that are expressed or offered on that website.

Warning: you’re about to leave!

You're about to leave Amegy Bank's website and be directed to a website that is not affiliated with Zions Bancorporation, N.A. dba Amegy Bank and may have a different privacy policy and level of security. Zions Bancorporation, N.A. is not responsible for, and does not endorse or guarantee, the privacy policy, security, accuracy, or performance of the third party’s website, or the information, products, or services that are expressed or offered on that website.

Warning: you’re about to leave!

You're about to leave Amegy Bank's website and be directed to a website that is not affiliated with Zions Bancorporation, N.A. dba Amegy Bank and may have a different privacy policy and level of security. Zions Bancorporation, N.A. is not responsible for, and does not endorse or guarantee, the privacy policy, security, accuracy, or performance of the third party’s website, or the information, products, or services that are expressed or offered on that website.

Warning: you’re about to leave!

You're about to leave Amegy Bank's website and be directed to a website that is not affiliated with Zions Bancorporation, N.A. dba Amegy Bank and may have a different privacy policy and level of security. Zions Bancorporation, N.A. is not responsible for, and does not endorse or guarantee, the privacy policy, security, accuracy, or performance of the third party’s website, or the information, products, or services that are expressed or offered on that website.

Warning: you’re about to leave!

You're about to leave Amegy Bank's website and be directed to a website that is not affiliated with Zions Bancorporation, N.A. dba Amegy Bank and may have a different privacy policy and level of security. Zions Bancorporation, N.A. is not responsible for, and does not endorse or guarantee, the privacy policy, security, accuracy, or performance of the third party’s website, or the information, products, or services that are expressed or offered on that website.