HOULTON, Maine — The Houlton Rotary Club met for its luncheon meeting on Monday, July 17. Rotarian Katie Hill had two guests with her, Colby Pangburn and Casey Gove who are job shadowing with Hill at Katahdin Trust Company. Rotarian Jackie Jones brought her guest Jessica Giles from Machias Savings Bank, the speaker for the program.
Rotary Treasurer Paul Callnan presented the annual treasurer’s report with the key point that the club gave $36,000 to the community last year. Rotary President Matt Nightingale reminded members that the District Governor and the Woodstock Rotary Club will be attending the July 24 meeting.
Jones introduced Giles as a colleague at Machias Savings Bank, who is based in Brewer but travels the County to oversee business accounts. Giles is assistant vice president in cash marketing solutions. She has worked at MBS since 2009 and works with clients to create and deliver proposals for cash management service.
Giles’ topic centered on a serious concern: fraud and business email compromise (BEC) scams. The past nine years has seen a huge rise in this attack on business. An example would be a “CEO” requesting funds to be wired with the subject line reading “need your help-pls keep it quiet” with a personal message asking for money to be wired immediately. The money when wired goes to a criminal. Fraudsters are clever at tricking business employees as 7,000 businesses have been victimized at a loss of $750 million at a 270 percent increase for the period of January through August in the year 2015.
Three examples of BEC attacks would be a simple wire request from a compromised email account; a faked vendor invoice; or an elaborate story designed to be believable. Research is done on the target to impersonate and give a receivable message. Look-a-like domains are created as an email trick to send to a finance department for direct requests of funds and using a confidential subject line with “attorney will call.”
The “three C’s” for detecting BEC fraud are check, confirm, and coach. Always double check the fishy email address, be suspicious of “only use reply” statements and think about whether this is typical behavior for your CEO. Confirm would be to use an alternate communications channel to confirm the request, ask the CEO by reconfirming the request and implement dual controls. Coach involves educating the business employees to double check and encourage this cautionary behavior and being conscious of how information on the website and social media can be used.
Giles recommended three resources: FBI/IC3 alert at www.ic3.gov/media/ 2015/150827-1.aspx, the Internet Crime Complaint center at www.IC3.gov and Best Practices for businesses to detect BEC at www.GuardianAnalytics.com/BEC_BP.