The FBI Warns of High Alert for Business Email Compromise
Business Email Compromise (BEC) has become a massive threat in the cybercrime world, with the FBI revealing that threat actors have made billions of dollars over the past decade through this type of scam. Organizations are now being urged to be on high alert for BEC attempts.
BEC is a form of social engineering where individuals are tricked into making large money transfers to fraudsters posing as legitimate entities, such as suppliers or high-level executives. The scammer often compromises email accounts to monitor and intercept messages, making their requests sound more convincing.
The FBI’s Internet Crime Complaint Center (IC3) reported that BEC has cost US and global organizations nearly $55.5 billion between 2013 and 2023, with over 305,000 incidents occurring during this time. The UK and Hong Kong are common intermediary stops for funds as they are transferred to accounts controlled by the fraudsters.
Despite the growing awareness of BEC scams, the IC3 noted a 9% increase in identified global exposed losses between 2022 and 2023. Scammers are now targeting smaller local businesses and personal transactions, using evolving techniques to access accounts.
Victims are advised to contact their bank immediately if they suspect a fraudulent BEC wire transfer. The FBI also provided the following tips to mitigate BEC risk:
- Use multi-factor authentication (MFA) and a second pair of eyes to verify requests for changes in account information
- Use unique passwords for every online service and change them periodically
- Verify sender email addresses and ensure they match the claimed identity
- Watch out for misspelled domain names in hyperlinks
- Avoid handing over login credentials or personal identifiable information (PII) via email
- Ensure employee computer settings allow full email extensions to be viewed
- Monitor financial accounts regularly for any irregularities
It is crucial for organizations to stay vigilant and implement strong security measures to protect against BEC scams. By following these tips, businesses can reduce the risk of falling victim to this increasingly common form of cybercrime.