BEC is a growing type of cybercrime that generates billions in losses every year. It also increasingly involves cryptocurrency, which provides an additional layer of anonymity to the cybercriminals.
Business Email Compromise (BEC) is a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.
Through social engineering or malware, cybercriminals impersonate one of the people involved in those money transfers so that the victim sends the money to a bank account owned by the cybercriminals.
Once the fraud is detected, it is often too late to recover the money, as the fraudsters move it quickly to other accounts and cash it out or buy cryptocurrencies with it.
The scam is not always associated with a money transfer, as one variation of the fraud involves compromising legitimate business email accounts and requesting employees' personally identifiable information, Wage and Tax Statement (W-2) forms or even cryptocurrency wallets, according to the agency.
Statistics collected by the FBI’s IC3 (Internet Crime Complaint Center) and law enforcement, and derived from filings with financial institutions, between June 2016 and December 2021 revealed a total of 241,206 domestic and international incidents, for an exposed loss of $43,312,749,946.
Some tips on how to protect yourself from BEC scams:
- Use secondary channels or multi-factor authentication to verify requests for changes in account information. Make 100% sure that the change request comes from a legitimate person. If there’s any doubt, don’t make the transfer.
- Ensure that the email is legitimate. Carefully check the links included in the email and check all email properties. If there are attached files, use malware analysis sandboxes and products to be sure the file is not malicious. You can always ask for a manual inspection by your IT security staff.
- Do not send PII via email, especially login credentials. Be aware that most requests for such information by email are fraud attempts, even if they seem to come from a legitimate trusted entity.
- Monitor all financial accounts of the company on a regular basis for irregularities, especially missing deposits.
- Keep all your software and operating systems up to date. In some cases, BEC cybercriminals might attempt to infect computers with malware, generally stealers.
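The link and email-property checks from the tips above can be partly automated before a message reaches a human reviewer. The following is an added example, not part of the original article; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
# Assumes a single-part HTML body and an Authentication-Results header added by your own gateway.
SAMPLE = """\
From: "Jane Doe, CFO" <jane.doe@example.com>
Reply-To: jane.doe@examp1e-payments.test
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail
Subject: Updated bank details for invoice 1042

<p>New account details: <a href="http://login.examp1e-payments.test/inv">https://portal.example.com/invoice</a></p>
"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.open = False

def review_email(raw):
    msg, findings = message_from_string(raw), []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:  # replies would go to a different domain
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")):
        if result.lower() != "pass":  # sender authentication did not succeed
            findings.append(f"{mech}={result}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and shown != target:  # displayed URL hides the real destination
            findings.append(f"link text shows {shown} but points to {target}")
    return findings
```

Only trust an Authentication-Results header written by your own receiving mail server, since a sender can insert a forged one. A message with no findings still needs the out-of-band verification described in the first tip.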
Goliath is here to help you with best practices, solutions and services keeping you ahead of Cyber Threats!