The Rise of Business Email Compromise Scams
Business Email Compromise – or BEC – is an increasingly common scam targeting U.S. and European companies that is often carried out by criminal organizations. In most cases, attackers from these organizations target employees who have access to company finances or W-2 information with the intention of tricking them into transferring money or sending data records. The deceptive techniques used to target and exploit victims vary from spear phishing and social engineering to email spoofing and computer intrusion techniques (malware).
Statistics
The FBI 2017 Internet Crime report highlights growing trends in cybercrime that were seen last year. BEC – or “CEO Fraud” – led the pack in 2018, topping $676 million in victim losses. Since 2015, there’s been a staggering 1,300% growth in losses as a result of the spike in these frauds, now totaling over $3.0 billion in the past three years alone. BEC is a serious threat on a global scale that’s expected to continue to rise with the increased reliance on business email.
Anatomy of the Scam
A BEC scam can take on various forms. One common scheme, called CEO impersonation, attempts to persuade a target into wiring money for apparent business purposes. This scheme usually begins with the attacker compromising the email account of the target company’s CEO through a phishing or malware attack. After spending some time monitoring email communications to carefully understand the company’s vendor relationships as well as the CEO’s interests, email communication style and travel plans, the attacker then chooses the target.
Employees from Finance or Accounts Payable – or even the Controller – are often primary scam targets. At the appropriate time, the attacker sends a phony email to the selected target from either the CEO’s inbox or a lookalike domain name (which is usually one or two letters off from the company’s true domain name). The email typically requests an immediate wire transfer to the attacker’s account, whose account number has been modified and disguised as that of a trusted vendor. Unless the scheme is detected in a timely manner, any transferred money is often difficult to recover.
Don’t Fall Victim
Schneider Downs recommends any number of the following procedures to help your organization develop its own effective defensive strategy against BEC and other email cyberattacks: