Business Email Compromise (BEC)

Chaos Around © Rudat | Dreamstime Stock Photos

I attended a presentation by Frost Bank on Cyber Security and here is some of their information-

BEC is a sophisticated scam targeting businesses that regularly perform wire transfer payments.  The scam is not particular in terms of specific business sectors and/or size of the business.

The FBI released a report, which reflects the following:

  • From October 2013 through May 2016 – Global BEC Scams are estimated at $3.1 Billion.
  • $960 Million from 14,000 US Businesses of all sizes
  • 1,300% increase from January 2015 – June 2016 (50 states and 100 countries combined)

As a supplement to the FBI report, the 2016 AFP Payments Fraud and Control Survey indications that:

Wire transfers are the payment method most impacted by BEC.  A growth trend is evident as more companies report the THREAT:

2013 = 14%

2014 = 27%

2015 = 48%

Criminals research organizations, and track key executives (CEOs/CFOs) in order to learn their email styles.  Once able to successfully mimic the communication style, a criminal can succeed in reaching and deceiving employees via email.  Employees are prompted to wire funds to a fraudulent account, unaware that they are being scammed.

Mitigating Risk

Some Best Practices that can decrease the risk of Business Email Compromise:

  1. Watch for urgent or “secret” requests
  2. Learn to pick up on anything that looks suspicious
  3. Verify with requester before you send
  4. Create policies that mitigate risk
  5. Test your employees with simulated phishing attacks
  6. Change your out-of-office process

Businesses with awareness and understanding of the BEC scam, and those that implement internal prevention techniques at all levels of the organization can be successful at deflecting BEC attempts.

Have you or your company been compromised?  We would like to hear your stories in the comments section below.


Leave a Reply

Your email address will not be published. Required fields are marked *