FBI Reports 270% Increase in 2015
Do you know what BEC is? If you’re a professional working in any industry, you should. BEC is the name the FBI gave to the latest sinister attack on technology users: Business Email Compromise.
According to the FBI’s Internet Crime Complaint Center, more than 7,000 U.S. companies have been victimized by BEC scams since it began tracking claims late in 2013. Losses have exceeded $740 million. Unfortunately, BEC situations are only getting worse. According to the Center, there has been a 270% increase in identified BEC victims in 2015.
Scammers and Business Email Compromise (BEC)
This particular type of email scam tricks businesses into paying invoices from what look like established partners, most often affecting chief technology officers, chief financial officers, controllers, and comptrollers.
How They Trick You
Almost everyone has seen an example of malware-laced email in their personal or business email account. Not long ago, email scams were easy to spot because they were sent by amateurs. You noticed misspellings, bad grammar, etc. They came from suspicious-looking email addresses and from suspicious-looking names and companies.
Now (as we’ve said often this year), all that has changed. Scammers’ methods are extremely sophisticated.
Today with BEC scams, the criminals create the perfect disguise:
- They do their homework. They know who to target in the company. They use language specific to your business or industry, as well as dollar amounts that make the email seem legitimate.
- FBI Special Agent Maxwell Marker said in a recent NetworkWorld article that, to make matters worse, these criminals often employ other cyberattacks such as malware to infiltrate the company’s networks. By doing so they’ll gain access to legitimate email threads about billing and invoices, so they have specific references as well.
- They work the system. The criminals know how to make invoices and accounts look legit. Once they’ve succeeded in getting a payment, they may direct it to their own accounts by changing a trusted bank account number by a single digit (likely in the middle).
What You Can Do to Protect Your Business
Marker stresses that the time to identify the fraud and recover the funds is extremely short, so it’s critical that users are aware of BECs.
To protect your company, you can take several actions:
- Deploy a multi-layer security profile, if you don’t have one already. It will block most scam attempts, malware, and other cybersecurity issues from ever penetrating your network and infrastructure.
- Evaluate whether your business is vulnerable to a cyberattack beyond your IT security setup. How do you process your invoices? What type of approval process occurs with wire transfers? How are documents stored, shared, and disposed of in the office? Do you have a security response plan in place, and do all employees have access to it? Answering these questions and more can help you determine if you need to take another look at your operational and business procedures.
- Communicate to your employees and spread awareness. Internet security awareness training has never been more important, because new threats emerge all the time. Make sure your users know about the latest scams and what to do if they have suspicions about an email they receive. Communicating verbally in a staff meeting can be very effective since so much communication about security threats occurs via email.
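One check that can be built into invoice approval, shown as an added example that is not part of the original article: compare the bank account number on an incoming payment request with the one on file for that vendor, and flag near matches such as the single-digit change described above. The vendor names, account numbers and function names are constructed for illustration.

```python
"""Flag payment requests whose account is a near match of the vendor's account on file."""

# Constructed vendor master data: vendor name -> account number on file.
VENDOR_ACCOUNTS = {
    "Acme Supplies": "4420118837651",
    "Northwind Freight": "7001552093348",
}


def _digits(account: str) -> str:
    """Keep only digits so spaces and dashes neither hide nor fake a difference."""
    return "".join(ch for ch in account if ch.isdigit())


def _near_match(a: str, b: str) -> bool:
    """True if a and b differ by one substituted digit or one adjacent swap."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    if len(diff) == 1:
        return True
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def review_payment(vendor: str, requested_account: str) -> str:
    """Classify a request as 'ok', 'lookalike', 'changed' or 'unknown_vendor'."""
    on_file = VENDOR_ACCOUNTS.get(vendor)
    if on_file is None:
        return "unknown_vendor"   # no trusted record: verify before paying
    requested = _digits(requested_account)
    if requested == _digits(on_file):
        return "ok"
    if _near_match(requested, _digits(on_file)):
        return "lookalike"        # hold the payment for manual verification
    return "changed"              # any account change needs separate confirmation


if __name__ == "__main__":
    # Constructed requests: exact match, one middle digit altered, new account.
    for vendor, account in [
        ("Acme Supplies", "4420-1188-37651"),
        ("Acme Supplies", "4420118937651"),
        ("Northwind Freight", "9912004417730"),
    ]:
        print(vendor, account, "->", review_payment(vendor, account))
```

A "lookalike" result is the case that is hard to catch by eye, which is why the comparison is done against stored vendor data rather than against the invoice or email itself.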