www.nbcnews.com Open in urlscan Pro
2a02:26f0:ea:4ad::2506  Public Scan

Form analysis
1 forms found in the DOM

GET https://www.nbcnews.com/search

<form action="https://www.nbcnews.com/search" method="GET" class="search-form js-search-form"><label class="search-label" for="q" id="search_label">Search</label>
  <div class="search-inner"><input type="search" class="search-input js-search-input" aria-labelledby="search_label" id="q" name="q" placeholder="Search BETTER"><button class="search-button"><span class="search-button-icon"><svg
          xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-labelledby="search_title">
          <title class="search_title">Search</title>
          <path fill-rule="evenodd" d="M13.773 11.649L20 17.876 17.876 20l-6.227-6.227a7.508 7.508 0 112.124-2.124zm-6.265.364a4.505 4.505 0 100-9.01 4.505 4.505 0 000 9.01z"></path>
        </svg></span></button></div>
</form>

Text Content

IE 11 is not supported. For an optimal experience visit our site on another
browser.
SKIP TO CONTENT
 * News
 * NBC News NOW
 * Nightly News
 * Meet the Press
 * Dateline
 * MSNBC
 * TODAY

Search

Better Logo
by TODAY
Sponsored By

 * Diet & Fitness
 * Careers
 * Money
 * Wellness
 * Relationships



'Can you do me a favor?' Here's how to protect yourself from business email
scams

 * Share this —
 * 
 * 
 * 
 * 
 * 

NBC News Logo
by TODAY
 * A BETTER WAY
 * CAREERS
 * DIET + FITNESS
 * MONEY
 * ONE SMALL THING
 * RELATIONSHIPS
 * WELLNESS
 * BETTER BUSINESS
 * HEALTHY RECIPES
 * 30-DAY WORKOUTS
 * CLEANING GUIDE

Follow better

 * 
 * 
 * 

More from NBC

 * News
 * Think

 * About
 * Contact
 * Help
 * Careers
 * Ad Choices
 * Privacy Policy
 * Cookie Notice
 * CA Notice
 * Terms of Service
 * NBC News Sitemap
 * Advertise

© 2022 NBCNEWS.COM

Search
Search
 * Facebook
 * Twitter
 * Email
 * SMS
 * Print
 * Whatsapp
 * Reddit
 * Pocket
 * Flipboard
 * Pinterest
 * Linkedin




Good Cents


'CAN YOU DO ME A FAVOR?' HERE'S HOW TO PROTECT YOURSELF FROM BUSINESS EMAIL
SCAMS

These spoofed email scams result in more losses than any other type of fraud,
BBB says.

Crooks send an email designed to look like it’s from the CEO to the CFO. It
instructs them to handle an “urgent matter” by making an immediate
payment.Maskot / Getty Images
Sept. 30, 2019, 4:17 PM UTC
By Herb Weisbaum

It was just before Christmas last year when Robin received an email from the CEO
at her consulting company in North Carolina. The email said he was out of town —
which he was — and that she should buy gift cards for corporate holiday
presents. The email also instructed her to email the information off the back of
each card.

Robin did what any good employee would do — she bought the gift cards (using her
corporate credit card) and emailed the card numbers and PINs, as instructed.




Later that day, Robin discovered the request to buy those gift cards was not
from her boss; it was from hackers who had “spoofed” his email. Robin had
emailed the card information to the scammers, who quickly drained the $10,000
that she had loaded on them.

“I was so upset that I just burst into tears and called my mom, even though I’m
almost 35 years old,” Robin told NBC News BETTER.

To make matters worse, her company said she was responsible to eat the loss. It
took her months to convince the credit card company to help. Robin, who asked
that we not use her full name, had fallen victim to a Business Email Compromise
(BEC) scam.


RELATED

Pro Tips


PRO TIPSA FORMER CONMAN SHARES HIS TIPS FOR PROTECTING YOURSELF FROM FRAUDSTERS

A new investigative report from the Better Business Bureau calls BEC a “serious
and growing” problem that has tripled over the last three years , resulting in
more losses than any other type of fraud in the U.S.



Total reported losses to BEC scams in the U.S. during the last three years
topped $3.5 billion, according to a September alert from the FBI’s Internet
Crime Complaint Center (IC3). However, the scammers attempted to steal another
$26 billion domestically and internationally, based on complaints.

So, why don’t we hear more about this?

“Businesses don’t want to talk about it; they’re embarrassed and don’t want to
look vulnerable,” said Steve Baker, the Better Business Bureau’s international
investigations specialist, who wrote the BBB report. “But ask just about any
organization and they’ll probably tell you they’ve received an email attempting
some version of this fraud.”


HOW TO PROTECT YOURSELF FROM GOVERNMENT PHONE SCAMS

Aug. 12, 201901:58



WHY DO BEC SCAMS FOOL SO MANY PEOPLE?

Fraud experts say it’s because employees are bombarded with email at work, and
we assume email is sent by the person in the “from” line. Also, successful BEC
scammers do their homework to get the details right.



“The criminals in these cases typically do quite a bit of reconnaissance to make
sure that they can make their particular pretext seem believable,” said Herb
Stapleton, a section chief within the FBI's Cyber Division. “They'll know the
names or email addresses of key people within a company, and that allows them to
make that information more believable.”


A FAMILY OF SCAMS

BEC scams describes a family of schemes that have different storylines, but all
involve some form of email deception.

“They use a bunch of techniques, but most of them are just high-pressure,
high-stress tactics to make this person send the money,” said John Kuhn, senior
threat researcher with IBM X-Force Iris.



Here are a two of the most common BEC scenarios targeted at employees:


1. BOGUS REQUESTS TO SEND MONEY

The crooks send an email designed to look like it’s from the CEO to the CFO or
someone authorized to make wire transfers. It instructs them to handle an
“urgent matter” by making an immediate payment. To discourage checking back with
the CEO, the bogus email states that they are out of the office or tied up in
meetings and can’t be reached.


2. PHONY VENDOR CHANGE OF PAYMENT INSTRUCTIONS

In this scenario, the phony email appears to come from a known contractor or
vendor who claims to have changed bank accounts. It requests future bill
payments be sent to the new account, one that’s controlled by the criminals. If
successful, the fraudsters could receive payments for months before the scam is
discovered.



Thirty percent of all BEC scams last year involved fraudulent vendors or client
invoices, according to a recent report by the U.S. Treasury Department’s
Financial Crimes Enforcement Network (FinCEN).

To guard against these two types of BEC fraud, companies must establish
procedures that make it clear: Wire transfers cannot be made, payment accounts
cannot be changed, and large purchases cannot be made without double-checking by
phone that the request — even from senior management — is legitimate.

“Don't text them, if you received this message by text; don't e-mail them, if
you receive this message by email because a hacker might have control of that,”
explained Amy Nofziger, director of fraud victim support at AARP. “Call your
boss or whoever made the request at the phone number you have for them and
verify that this is something that they're really asking you to do.”


RELATED

Good Cents


GOOD CENTSWORRIED ABOUT A RECESSION? MONEY EXPERTS SAY TO FOCUS ON THESE THINGS


A DIFFERENT TWIST: INTERCEPTING MONEY IN REAL ESTATE TRANSACTIONS

Real estate BEC targets people buying homes. It’s designed to steal the proceeds
of a home sale, so the losses can be staggering.



If hackers can get into the computer system of one of the parties involved in
the transaction — the realtors, title company, buyer or seller — they can access
all the details of the sale. Then, a few days before closing, the fraudsters
emailed the buyer, pretending to be the realtor or title company, with
instructions to use a new bank account number — the crook’s bank account — for
the wire transfer.

Real estate BEC fraud grew from 9 percent of all cases in 2017 to 16 percent
last year, FinCEN reports, with an average loss of $179,000. In many cases, the
theft derails the transaction and leaves the victims homeless.

“We were mortified, like oh my God, what just happened; $400,000 is a lot of
money,” said a victim in Washington state who asked us to call her Sue.

Sue and her husband were helping a family member buy a house. Days before
closing, they received an email that appeared to be from the title company that
seemed legitimate — it had all the names, timeline and dollar amount correct.


RELATED

Good Cents


GOOD CENTSDO YOU KNOW HOW TO SPOT THESE FACEBOOK PRIZE SCAMS?

“The email said to send the money to another bank and here's the account
number,” Sue recalled. It was different from the original directions from the
title company, which in hindsight, should have been set off bells and whistles,
but we had no reason to question it.”



Sue was lucky, she was able to get her money back, but she wants others to learn
from her experience.

“Be suspicious and question everything,” she told NBC News BETTER. “Don’t simply
rely on digital communications [when large amounts of money are involved].
Confirm things by phone and make sure it’s legitimate.”

Responding to this growing threat, many real estate agents, title companies and
lenders now warn their customers in writing that they need to verify by phone
any change of instructions about closing that they receive via email. Some
states now require this disclosure.



Be suspicious and question everything.




VICTIMS NEED TO FILE A REPORT

It’s never easy to admit that you’ve been scammed, but the FBI urges anyone
who’s been targeted by a BEC scammer to file a complaint with the Internet Crime
Complaint Center (IC3). This information can be used to go after the bad guys
and possibly recover some of the stolen funds. You can also report the fraud to
the BBB Scam Tracker.



In early September, the FBI announced the results of Operation reWired, a joint
investigation with 10 foreign countries. The sweep resulted in 281 arrests, the
seizure of nearly $3.7 million and the disruption and recovery of approximately
$118 million in fraudulent wire transfers.


NEXT: USE PAYMENT APPS LIKE VENMO, ZELLE AND CASHAPP? HERE'S HOW TO PROTECT
YOURSELF FROM SCAMMERS

CORRECTION (Oct. 3, 2019, 3:40 p.m.): An earlier version of this article
misstated Herb Stapleton's current title at the FBI. He is now section chief
within the agency’s Cyber Division; previously, he was the assistant special
agent in charge of the Cincinnati Field Office.

Want more tips like these? NBC News BETTER is obsessed with finding easier,
healthier and smarter ways to live. Sign up for our newsletter and follow us on
Facebook, Twitter and Instagram.

Herb Weisbaum

Herb Weisbaum is a contributor to NBC News and writes about consumer-related
issues. He can be found on Facebook, Twitter, or The ConsumerMan website.



 * About
 * Contact
 * Help
 * Careers
 * Ad Choices
 * Privacy Policy
 * Do Not Sell My Personal Information
 * CA Notice
 * Terms of Service
 * NBC News Sitemap
 * Advertise

© 2022 NBC UNIVERSAL

NBC News LogoMSNBC LogoToday Logo



WE AND OUR PARTNERS USE COOKIES ON THIS SITE TO IMPROVE OUR SERVICE, PERFORM
ANALYTICS, PERSONALIZE ADVERTISING, MEASURE ADVERTISING PERFORMANCE, AND
REMEMBER WEBSITE PREFERENCES. BY USING THE SITE, YOU CONSENT TO THESE COOKIES.
FOR MORE INFORMATION ON COOKIES INCLUDING HOW TO MANAGE YOUR CONSENT VISIT OUR
COOKIE POLICY.
CONTINUE


COOKIE NOTICE

This Cookie Notice (“Notice”) explains how NBCUniversal and its affiliates
(“NBCUniversal” or “we”), along with our partners, including advertisers and
vendors, use cookies and similar tracking technologies when you use our
websites, applications, such as games, interactive TV, voice-activated
assistants, and other services that link to this policy, as well as connected
devices, including those used in our theme parks (“Services”). This Notice
provides more information about these technologies, your choices, and is part of
the NBCUniversal Privacy Policy available here. You should read the Privacy
Policy and this Notice for a full picture of NBCUniversal’s use of your
information.

WHAT ARE COOKIES AND HOW ARE THEY USED?

Like many companies, we use cookies (small text files placed on your computer or
device) and other tracking technologies on the Services (referred to together
from this point forward as “Cookies”, unless otherwise stated), including HTTP
cookies, HTML5 and Flash local storage/flash cookies, web beacons/GIFs, embedded
scripts, ETags/cache browsers, and software development kits.

First-party Cookies

First-party Cookies are placed by us (including through the use of third-party
service providers) and are used to allow you to use the Services and their
features and to assist in analytics activities.

Third-party Cookies

Certain third parties may place their Cookies on your device and use them to
recognize your device when you visit the Services and when you visit other
websites or online services. These third parties collect and use this
information pursuant to their own privacy policies. Third-party Cookies enable
certain features or functionalities, and advertising, to be provided on the
Services.

Types of Cookies

The Services use the following types of first and third-party Cookies for these
purposes:

Strictly Necessary Cookies: These Cookies are required for Service
functionality, including for system administration, security and fraud
prevention, and to enable any purchasing capabilities. You can set your browser
to block these Cookies, but some parts of the site may not function properly.

Information Storage and Access: These Cookies allow us and our partners to store
and access information on the device, such as device identifiers.

Measurement and Analytics: These Cookies collect data regarding your usage of
and performance of the Services, apply market research to generate audiences,
and measure the delivery and effectiveness of content and advertising. We and
our third-party vendors use these Cookies to perform analytics, so we can
improve the content and user experience, develop new products and services, and
for statistical purposes. They are also used to recognize you and provide
further insights across platforms and devices for the above purposes.

Personalization Cookies: These Cookies enable us to provide certain features,
such as determining if you are a first-time visitor, capping message frequency,
remembering choices you have made (e.g., your language preferences, time zone),
and assist you with logging in after registration (including across platforms
and devices). These Cookies also allow your device to receive and send
information, so you can see and interact with ads and content.

Content Selection and Delivery Cookies: Data collected under this category can
also be used to select and deliver personalized content, such as news articles
and videos.

Ad Selection and Delivery Cookies: These Cookies are used to collect data about
your browsing habits, your use of the Services, your preferences, and your
interaction with advertisements across platforms and devices for the purpose of
delivering interest-based advertising content on the Services and on third-party
sites. Third-party sites and services also use interest-based Advertising
Cookies to deliver content, including advertisements relevant to your interests
on the Services and third-party services. If you reject these Cookies, you may
see contextual advertising that may be less relevant to you.

Social Media Cookies: These Cookies are set by social media platforms on the
Services to enable you to share content with your friends and networks. Social
media platforms have the ability to track your online activity outside of the
Services. This may impact the content and messages you see on other services you
visit.

We and third parties may associate Measurement And Analytics Cookies,
Personalization Cookies, Content Selection, Delivery Cookies, and Reporting, Ad
Selection, Delivery and Reporting Cookies, and Social Media Cookies with other
information we have about you.

COOKIE MANAGEMENT

Depending on where you live, you may be able to adjust your Cookie preferences
at any time via the “Cookie Settings” link in the footer of relevant websites.
You can also use the methods described below to manage Cookies. You must take
such steps on each browser or device that you use. If you replace, change or
upgrade your browser or device, or delete your cookies, you may need to use
these opt-out tools again. As some Cookie-management solutions also rely on
Cookies, please adjust your browser Cookie settings carefully, following the
relevant instructions below.

Browser Controls: You may be able to disable and manage some Cookies through
your browser settings. If you use multiple browsers on the same device, you will
need to manage your settings for each browser. Please click on any of the below
browser links for instructions:

Google Chrome
Apple Safari
Mozila Firefox
Microsoft Internet Explorer

If the browser you use is not listed above, please refer to your browser’s help
menu for information on how to manage Cookies. Please be aware that disabling
cookies will not disable other analytics tools we may use to collect information
about you or your use of our Services.

Analytics Provider Opt-Outs: To disable analytics Cookies you can use the
browser controls discussed above or, for some of our providers, you can use
their individual opt-out mechanisms:

Google’s Privacy Policy and Google Analytics Opt-Out
Omniture’s Privacy Policy and Omniture’s Opt-Out
Mixpanel’s Privacy Policy and Mixpanel’s Opt-Out

The above are examples of our analytics providers and this is not an exhaustive
list. We are not responsible for the effectiveness of any other providers’
opt-out mechanisms.

Flash Local Storage: These cookies are also known as local shared objects and
may be used to store your preferences or display content by us, advertisers and
other third-parties. Flash cookies need to be deleted in the storage section of
your Flash Player Settings Manager.

Interest-Based Advertising: Most third-party advertisers offer a way to opt out
of their interest-based advertising. For more information or to opt out of
receiving interest-based advertising from participating third-party advertisers,
depending on your country of residence, please visit:

Digital Advertising Alliance in the US
Digital Advertising Alliance of Canada
European Interactive Digital Advertising Alliance
Australian Digital Advertising Alliance

You can also opt out of some of the advertising providers we use by visiting
their opt-out pages:

Google’s Privacy Policy and Google Analytics Opt-Out Page
Facebook Privacy Policy and Facebook’s Opt-Out Page
Twitter Privacy Policy and Twitter’s Opt-Out Page
Liveramp’s Privacy Policy and Liveramp Opt-Out Page

These are examples of our advertising providers and this is not an exhaustive
list. In addition, we are not responsible for the effectiveness of any of these
providers’ opt-out mechanisms.

After you opt out, you will still see advertisements, but they may not be as
relevant to you.

Mobile Settings: You may manage the collection of information for interest-based
advertising purposes in mobile apps via the device’s settings, including
managing the collection of location data. To opt out of mobile ad tracking from
Nielsen or other third parties, you can do so by selecting the “Limit Ad
Tracking” (for iOS devices) or “Opt out of Ads Personalization” (for Android
devices) options in your device settings.

Connected Devices: For connected devices, such as smart TVs or streaming
devices, you should review the device’s settings and select the option that
allows you to disable automatic content recognition or ad tracking. Typically,
to opt out, such devices require you to select options like “limit ad tracking”
or to disable options such as “interest-based advertising,” “interactive TV,” or
“smart interactivity”. These settings vary by device type.

Cross-Device Tracking: If you would like to opt out of our browser-based
cross-device tracking for advertising purposes, you may do so by using the
various methods described above. You must opt out separately on each device and
each browser that you use. For more information about cross-device matching,
please visit the Network Advertising Initiative or the Digital Advertising
Alliance. If you opt out of cross-device tracking for advertising purposes, we
may still conduct cross-device tracking for other purposes, such as analytics.

Consequences of Deactivation of Cookies: If you disable or remove Cookies, some
parts of the Services may not function properly. Information may still be
collected and used for other purposes, such as research, online services
analytics or internal operations, and to remember your opt-out preferences.



CONTACT US

For inquiries about this Cookies Notice, please contact us at Privacy@nbcuni.com
or Chief Privacy Officer, NBCUniversal Legal Department, 30 Rockefeller Plaza,
New York, NY 10112, US.

For inquiries from users who reside in the European Economic Area, the United
Kingdom or Switzerland, please contact us at Privacy@nbcuni.com or Privacy,
Legal Department, Central Saint Giles, St Giles High Street, London, WC2H 8NU,
UK

CHANGES TO THIS NOTICE

This Notice may be revised occasionally and in accordance with legal
requirements. Please revisit this Cookie Notice regularly to stay informed about
our and our analytic and advertising partners’ use of Cookies.

STRICTLY NECESSARY COOKIES

Always Active

These Cookies are required for Service functionality, including security and
fraud prevention, and to enable any purchasing capabilities. You can set your
browser to block these Cookies, but some parts of the site may not function
properly.


BACK BUTTON PERFORMANCE COOKIES



Vendor Search Search Icon
Filter Icon

Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

Close