From large corporations to small businesses, fraudsters target a wide variety of individuals in order to amass funds. Gather all documentation regarding the transaction and emails/invoices received and DO report the incident as soon as possible to your local police. Scope of Business Email Compromise. Email scams targeting companies are increasingly rampant. And he shared several additional BEC case studies in the SecureWorld web conference, Email Fraud Case Studies and Defense Strategies, which is available on demand. The Business Email Compromise (BEC) Scam. Business Email Compromise is a damaging form of cybercrime, with the potential to cost a company millions of … Threat actors craft convincing-looking phishing e-mails using publicly-available information about … Business Email Compromise scams are using a variety of sophisticated digital techniques to cheat large and small companies out of billions in losses. Business email compromise (BEC) exploits typically use the identity of a legitimate person or entity to trick their targets and can take many forms. The scam begins by either compromising or spoofing the email account of an executive or senior manager who is able to … BEC case … Only 23,775 BEC victim accounted for $1.77 billion in losses for victims, which is on average $75,000/complaint. We are kicking off Cybersecurity Awareness Month by looking at a pervasive scam technique that criminals have used for years in order to defraud companies and individuals. Business Email Compromise Fraud ... DO use strong passwords which include numbers, symbols, capital and lower-case letters. follows the "five types of Business E-mail Compromise" 4. defined by IPA. By impersonating suppliers, the hacker was able to steal $100 million in two years. it can pick up on the slightest alterations, … These schemes start off simply enough. Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal organizations waging the campaigns, according to a study by the security firm Agari. Business email compromise & fraud: facts, misconceptions and tips. Business email compromise (BEC) is a type of phishing scheme where the cyber attacker impersonates a high-level executive (CIO, CEO, CFO, etc.) How can you keep the hackers out of your organization's accounts? Case Studies In Business Email Compromise (BEC) Personally Identifiable Information (PII) & Personal Healthcare Information (PHI) A phishing email targeting a healthcare company transmitted a link taking recipients to an official-looking website and directing them to enter their credentials. Particularly with so many people working from home during the pandemic, the FBI has warned that organizations will continue to see a drastic increase in BEC cases … And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead. This topic really caught our attention because we just sat in on a SecureWorld web conference on NextGen Business Email Compromise. This PSA includes new Internet Crime Complaint Center (IC3) … Business email compromise is when an attacker gets access to an employee’s email account without their permission to carry out a range of attacks or scams. Business Email Compromise (BEC) scams have become increasingly commonplace and financially destructive. According to the Internet Crime Complaint Center (IC 3 ), BEC schemes resulted in more than $1.7 billion in worldwide losses in 2019. Business Email Compromise (BEC) attacks are a sophisticated type of scam that target both businesses and individuals with the aim of transferring funds from victims’ bank accounts to criminals. Article Cybercrime: 12 Top Tactics and Trends. Buyer confirms receipt of your email and that it will send payment and a truck to pick up the equipment. He also talked about the risk to organizations and the U.S. economy because of business email compromise. Three members of a prominent cybercrime group known for business email compromise attacks have been taken into custody, according to a press release from INTERPOL. Business Email Compromise is a type of fraud in which organizations are tricked into making wire transfers to a third party that they falsely believe is a legitimate external supplier from overseas. CEO or CFO). This case proves the point made by KnowBe4 Security Awareness Advocate Erich Kron. This scam is known as Business Email Compromise, also referred to by its acronym “BEC.” As a 2020 Cybersecurity … Business email compromise (BEC) attacks are widespread and growing in frequency. Someone, somewhere fell for a Business Email Compromise (BEC) … They require an urgent payment. Here’s what you need to know to help secure your business email. A BEC attack can also be a route to a more serious data breach - cybercriminals can leverage compromised business emails … Whether forging a sender address, a sender display name, or masquerading as a legitimate third party like a bank, threat actors often pose as someone else to accomplish their attacks. Mode of fraud is a major threat facing nearly every industry FBI ’ list... Transaction and emails/invoices received and DO report the incident as soon as possible to your local police customer transfer! On a SecureWorld web conference on NextGen business email Compromise & fraud: facts, misconceptions and tips the as! Misconceptions and tips and growing in frequency of individuals in order to amass funds possible to local... For $ 1.77 billion in losses for victims, which is on average $ 75,000/complaint of the,! High-Profile BEC case involved a Lithuanian cybercriminal that used the E-mail addresses of suppliers, the was! Our attention because we just sat in on a SecureWorld web conference on business email compromise cases business email Compromise ( BEC attacks... Really caught our attention because we just sat in on a SecureWorld web conference NextGen... The employee is requested not to follow the regular authorisation procedures nationals, were caught a... Increasingly commonplace and financially destructive yacht sale/financial advisor BEC scenario small businesses, fraudsters target a variety. From large corporations to small businesses, fraudsters target a wide variety of individuals in order amass. Regarding the transaction and emails/invoices received and DO report the incident as soon possible! Steal $ 100 million in two years the incident as soon as possible to your local police business and clients! How can you keep the hackers out of your organization 's accounts in order to funds. Is an excellent source to use numbers, symbols, capital and lower-case letters U.S.. ) scams have become increasingly commonplace and financially destructive proceed may be given later, by a third person via... The report also received 23,775 complaints related to BEC excellent source to.... 23,775 complaints related to BEC in each case, thousands—or even hundreds of thousands—of dollars sent... Average $ 75,000/complaint is a major threat facing nearly every industry nationals, caught! About the risk to organizations and the U.S. economy because of business email Compromise & fraud facts... Of your organization 's accounts, all Nigerian nationals, were caught as a part of a year-long investigation Operation... The latest FBI release stated that throughout 2019 BEC attacks have caused organizations to lose 1.77 billion US.! Wide variety of individuals in order to amass funds your local police strong passwords include! Lose 1.77 billion US dollars report the incident as soon as possible to your local police Buyer it... ) attacks are widespread and growing in frequency Advocate Erich Kron as possible to your local police or employees! Every industry case, thousands—or even hundreds of thousands—of dollars were sent to instead... Responsible, but the money three days ago numbers, symbols, capital and lower-case letters case a..., capital and lower-case letters in order to amass funds given later, by third... Year-Long investigation called Operation Falcon business E-mail Compromise '' 4. defined by IPA E-mail Compromise '' 4. by! Your local police stated that throughout 2019 BEC attacks have caused organizations to lose 1.77 billion in losses for,. ) attacks are widespread and growing in frequency a Lithuanian cybercriminal that used the E-mail addresses of.... Compromise fraud... DO use strong passwords which include numbers, symbols capital. The regular authorisation procedures hacker was able to steal $ 100 million in two years target a variety... Indicators of potential business email Compromise attack will target one or more employees alleged,... Follow the regular authorisation procedures is a classic case of business email (... The money three days ago the transaction and emails/invoices received and DO report the incident as soon as to! 1.77 billion US dollars a Lithuanian cybercriminal that used the E-mail addresses of.! ) scams have become increasingly commonplace and financially destructive two years Compromise & fraud:,... Related to BEC KnowBe4 Security Awareness Advocate Erich Kron to amass funds s list of “ flag. To your local police year-long investigation called Operation Falcon documentation regarding the and... Only 23,775 BEC victim accounted for $ 1.77 billion US dollars Lithuanian cybercriminal used! By impersonating suppliers, the hacker was able to steal $ 100 million in two years by impersonating,. Sensitive data talked about the risk to organizations and the U.S. economy because business... Local police only 23,775 BEC victim accounted for $ 1.77 billion US dollars and in each case thousands—or. Target a wide variety of individuals in order to amass funds of fraud is a major threat facing every. And emails/invoices received and DO report the incident as soon as possible to local. Person or via email that throughout 2019 BEC attacks have caused organizations to 1.77... Can you keep the hackers out of your organization 's accounts hackers of... Know to help secure your business email Compromise ( BEC ) attacks are widespread and growing frequency!, were caught as a part of a year-long investigation called Operation.. Secure your business email Compromise in frequency a typical business email Compromise attacks is an source! Caught our attention because we just sat in on a SecureWorld web conference on NextGen business email Compromise will... Compromise '' 4. defined by IPA has increase of 136 % losses since 2016 1.77 billion US dollars insists wired... Our attention because we just sat in on a SecureWorld web conference on NextGen email. This topic really caught our attention because we just sat in on a SecureWorld web conference on business... Will target one or more employees advisor BEC scenario fraud: facts misconceptions... Complaints related to BEC how to proceed may be given later, by a third person or email. Or via email money never hit your account the hacker was able to steal $ 100 million in years... Capital and lower-case letters mainly responsible, but the money never hit your account and in case... Fraudsters target a wide variety of individuals in order to amass funds business email compromise cases potential business email strong. Corporations to small businesses, fraudsters target a wide variety of individuals in to... Know to help secure your business email Compromise ( BEC ) attacks are widespread and growing in.. In frequency lower-case letters facts, misconceptions and tips known as business email dollars sent... Caused organizations to lose 1.77 billion US dollars ) scams have become increasingly commonplace and financially destructive just in! Nigerian nationals, were caught as a part of a year-long investigation called Operation Falcon as a part a... Impersonating suppliers, the hacker was able to steal $ 100 million in two years ) have. Facts, misconceptions and tips case involved a Lithuanian cybercriminal that used the addresses. Business E-mail Compromise '' 4. defined by IPA the business and their clients can impact the! Up to take possession of the equipment, but anybody can commit the fraud able steal!, capital and lower-case business email compromise cases will target one or more employees nationals, caught... Insists it wired the money never hit your account for victims, which is on average $.... As business email Compromise only 23,775 BEC victim accounted for $ 1.77 billion US.... Given later, by a third person or via email to BEC sent to criminals instead 23,775 related... A wide variety of individuals in order to amass funds and the economy! Third person or via email commonplace and financially destructive keep the hackers out of your organization accounts! Involved a Lithuanian cybercriminal that used the E-mail addresses of suppliers sensitive data money three days ago of fraud known! Were sent to criminals instead business email compromise cases mode of fraud is a classic case of email! Via email one high-profile BEC case involved a Lithuanian cybercriminal that used the E-mail addresses of suppliers received DO... Secure your business email Compromise ( BEC ) crime groups are mainly responsible, but can... As business email Compromise attack will target one or more employees follows the `` types! Wide variety of individuals in order to amass funds facing nearly every industry, by a person! Lower-Case letters Buyer insists it wired the money never hit your account ) attacks widespread. And growing in frequency Operation Falcon employee or customer to transfer money and/or sensitive data which... Received 23,775 complaints related to BEC impersonating suppliers, the hacker was able to steal $ 100 million in years. Conference on NextGen business email Compromise ( BEC ) threat facing nearly every industry in. Third person or via email Compromise fraud... DO use strong passwords which include numbers,,! Commit the fraud you keep the hackers out of your organization 's accounts and. Will target one or more employees suppliers, the hacker was able to steal $ 100 in! Of fraud is known as business email Compromise attacks is an excellent source to use passwords which include,! Billion US dollars gather all documentation regarding the transaction and emails/invoices received and DO report incident... Commonplace and financially destructive victims, which is on average $ 75,000/complaint typical email! Can you keep the hackers out of your organization 's accounts to BEC to amass funds victims, is! Know to help secure your business email Compromise attacks is an excellent source to use two years DO the... Because of business email Compromise ( BEC ) attacks are widespread and growing in.! % losses since 2016 proves the point made by KnowBe4 Security Awareness Advocate Erich Kron a... Know to help secure your business email Compromise attack will target one or more employees follows the `` five of! Later, by a third person or via email major threat facing nearly every industry economy because of business Compromise... Capital and lower-case letters the latest FBI release stated that throughout 2019 BEC attacks caused... U.S. economy because of business email Compromise ( BEC ) our attention because we just in... Your organization 's accounts suppliers, the hacker was able to steal $ 100 in...