Last Updated on February 25, 2023 by asifa
Did you know that business email compromise was the most effective form of cybercrime last year? According to the internet crime report, the FBI received 467,361 cybercrime complaints, which resulted in a total loss of $3.5 billion. Half of the reported losses (1.77 billion) came from business email compromises.
What makes this type of scam so popular is that it is easy to execute and does not require technical skills to pull off. This type of scam occurs when cybercriminals successfully compromise a legitimate email account associated with a business. They use it to send fake invoices. These emails are usually sent to employees of the company or to business partners. BEC scams usually target businesses that make wire transfer payments.
The main purpose of this type of scam is to trick businesses into wiring money into the wrong bank accounts. With most businesses still using email for correspondence and not realizing the threat of business email compromise, they are more likely to get affected by it. The best way to protect yourself is to increase awareness about business email compromises. This is exactly what we will do in this article.
In this article, you will learn about seven shocking truths about BEC scams you did not know about.
Difficult to Detect
Not only are BEC scams easy to launch, they are also difficult to detect for the systems responsible for catching phishing and spam emails. Since business email compromise scams are usually hyper-targeted and professionally crafted, they can easily slip through the cracks of phishing and spam monitoring systems, which are tailor-made to handle a large volume of spam emails. This makes BEC scams even more dangerous, as it gives scammers more time to fulfil their malicious intent without getting noticed.
Increase in Number of BEC Attacks
According to the Mimecast email security report, BEC scams have increased by 67%, with 73% of businesses experiencing direct losses. Another report by Proofpoint paints an even darker picture. According to the report, BEC attacks per targeted organization increased by 476% on a year-over-year basis. Even if you buy a dedicated server, these BEC scams won’t infect it; their main purpose is to steal money from your business.
The lack of awareness about BEC scams also contributes to their success and makes it easier for hackers to trick employees occupying key positions in an organization. Businesses should launch training and awareness programs to improve deterrence against BEC scams. Studies have shown that untrained employees are 30% more likely to click on malicious links in a BEC email as compared to only 2% of trained employees.
Individuals Vs Team Debate
Another misconception most businesses have about BEC scams is that they are launched by a resourceful and highly organized team of hackers. This is not true, as we have seen many examples of individual hackers launching business email compromise scams.
One of the best examples is a Nigerian 419 scammer, who laid the foundation for a group called Scattered Canary a decade ago. The number “419” represents sections of the Nigerian Criminal Code that deal with fraud charges applied to criminals. The group consists of 35 individuals who have made millions of dollars with BEC scams in no time. Apart from BEC scams, they also launch check fraud, romance scams, credit card scams, credential harvesting and more.
As mentioned before, the main objective of these BEC scams is to convince the target to transfer money to a bank account that seems to be associated with a business but is not. This is not the only method these cybercriminals use. They might also try to influence payroll for employees on autopay. All they must do is create a social engineering hook that looks legitimate to the target. Since most attackers ask for a sizable transfer, they also do extensive research to create a story that the target believes in. This makes it easier for them to convince the target to transfer money.
Money, Money, Money
BEC scams have financial motives. You might have already guessed it by now. Scammers want to make a quick buck out of it. A couple of years ago, a famous European cinema chain became the target of a BEC attack in which it ended up transferring $21.5 million in a month. The attacker portrayed himself as the French CEO of the company and sent out a series of emails to Dutch regional executives asking them to transfer money for making a new acquisition. The amount of effort required to execute BEC attacks, coupled with the ability to get quick financial rewards, attracts more criminals to business email compromise scams.
CFOs are The Primary Target
Even though the list of victims might vary from case to case, if you study BEC scams you will notice a common pattern. The primary target for BEC scams is usually CFOs or financial gatekeepers. According to a report on London Blue, a multinational group of scammers launching BEC attacks, London Blue harvests names and addresses of targets from legal sources and buys contact information from companies that are paid to provide contact information for marketing operations. The report also illustrated how London Blue spoofed the email address of the CEO to create urgency and add authenticity to their BEC campaigns.
No One is Safe
Another common misunderstanding most people have about business email compromise scams is that they only target large-scale enterprises. That is not true. Victims of BEC attacks range from families to churches. Fraudsters have fooled many families during real estate transactions and stolen millions of dollars. Scammers stole 1.75 million from the Ohio Catholic parish that was raising funds for church renovation by pretending to be a construction company. In short, anyone can become a target of BEC attacks.