Texas Capital Bank Client Support will be closed for Veterans Day on Monday, November 11, 2024. We will be back to our normal 8:00 AM to 6:00 PM support hours on Tuesday, November 12, 2024. 

We will be making updates to our website from 8:00pm - 11:00 pm CST on 11/20. During this time, the website may experience some interruptions of functionality or be unavailable.

Understanding and Detecting Business Email Compromises

Fraud Awareness Week- 2024 Official Supporter

The Texas Capital Fraud Investigations team has recently seen a rise in Business Email Compromises (BEC) targeting and affecting our business clients. We have provided the information below to increase awareness and share actions to take if you suspect your business has been targeted.

In a typical BEC cyberattack, the cybercriminal sends an employee, or employees of a target organization, emails that appear to be from a legitimate vendor, customer, employee or associate. The cybercriminal usually attaches or includes fake invoices along with claims that a change in the bank account and/or contact information has occurred. This is usually followed by a request for the targeted organization to update their records and/or pay the invoice. Once the targeted organization completes the request to change the bank account and/or contact information, the cybercriminal is more likely to successfully deceive the organization into paying the fraudulent invoice and, in turn, sending funds to the cybercriminal(s).

Fraudsters commonly use pretexting and social engineering techniques, such as email address spoofing, to further convince the recipient that these attack emails are legitimate. Cybercriminals sometimes hack into an organization’s network and/or employees’ email accounts to observe common tones, language or styling of normal, everyday correspondence in an attempt to make attack emails seem similar to legitimate email messages.1

Here are some risk mitigation strategies that all employees should consider when receiving emails or other correspondence: 

  • Carefully examine the email address, URL and spelling used in correspondence. Verify payment and purchase requests in person or by calling the person
  • Verify payment and purchase requests in person or by calling the person at a known phone number to make sure the request is legitimate.
  • Be cautious if the vendor offers vague reasons for changing or updating new account or contact information.
  • Do not use the contact information in the signature block of the received email.
  • Watch for domain name changes.
  • Know Your Customer! If you haven’t spoken to the client, ask someone who has.
  • Hover over links in emails to verify the address prior to clicking.
  • Do not open emails or attachments from unknown sources.2

For additional fraud prevention resources, please visit our E-Fraud Prevention at https://efraudprevention.net/us/texascapitalbank/portal.html.

1IBM. What is a Business Email Compromise (BEC)?, https://www.ibm.com/topics/business-email-compromise 

2efraudprevention.net. Email Compromise Fraud scheme, https://efraudprevention.net/home/education/?a=126