Understanding Email and Cell Phone Takeover Scams
Two of the fastest-growing cyber threats facing businesses today are business email compromise (BEC) and cell phone takeovers. So, it’s critical that you and your team know how to recognize these scams.
The Threat of Business Email Compromise
According to the FBI, billions of dollars have been stolen globally through sophisticated BEC scams. These attacks often begin with phishing emails designed to steal login credentials. Once attackers have access to the email account, they monitor conversations for days or even months, then send realistic but fraudulent requests.
Criminals may impersonate a trusted vendor, a member of your executive team or any number of other business contacts. Their requests can seem legitimate. By impersonating someone you know, they’re hoping you’ll act based on trust.
That’s why it’s imperative that you slow down and take the time to verify all requests.
Watch out for these elements in particular:
- Changes in payment instructions or details
- Urgent need to send money, gift cards or confidential information
- Demands for secrecy
- Unexpected attachments
- Subtle spelling errors or odd language
The Danger of Cell Phone Takeovers
Scammers employ a variety of tactics when it comes to cell phone takeovers. Some of the most common are SIM swaps and porting-out fraud. No matter which method they choose, the criminals' main goal is to gain control over your phone number. With control of your phone number, scammers can reset passwords and access any number of your accounts.
How does this cell phone takeover work?
First, scammers gather personal details through phishing, social media or data breaches. Then they contact mobile carriers and impersonate their victim. All they need to do is trick the carrier into transferring the phone number to a new SIM, one the scammer controls.
Warning signs:
- Sudden loss of cell service and inability to call or text.
- Alerts from your carrier about SIM changes you didn’t request.
- Unexpected password reset notifications.
How to Defend Your Business from Email and Cell Phone Scams
The good news is that practical steps can reduce your risk.
- Verify all email requests to change payment details by calling the vendor using a trusted phone number already on file, never one from a suspicious email. Confirm how the change was received and why the change is necessary.
- Enable account alerts to quickly detect unusual activity.
- Educate your employees about phishing, social engineering and cybersecurity. Ongoing training lowers risk.
- Ask your mobile carrier about enabling SIM protection by setting up a PIN or password to block unauthorized SIM swaps.
- Switch to an app for multifactor authentication, like Microsoft Authenticator, Duo, or Google Authenticator. These offer greater security than text-message codes.
If you suspect your company has been targeted, act fast.
- Contact your local branch to secure your bank accounts.
- Notify your internal IT or security team.
- Alert your mobile carrier immediately to regain control of your phone.
- Notify law enforcement.
Business email compromise and cell phone takeovers are serious threats, but they are not inevitable. With the right safeguards and procedures, your company can mitigate its risk. Always remember to be cautious and confirm all the details before acting.