Why is it important: The FBI is warning individuals and companies of the high costs associated with Business Email Compromise (BEC) attacks. Domestic and international losses are estimated to have reached $43 billion between June 2016 and December 2021 and increased by 65% ​​between July 2019 and December 2021.

- Advertisement -

BEC attacks typically target companies or individuals that fulfill legitimate fund transfer requests. These include compromising the official email account of high-profile executives or vendors through social engineering, phishing, or network intrusion. Having gained access, the criminals send a message to the company’s accounting department with a request to transfer a large amount. Because the emails come from official sources, the requests are often not suspicious.

- Advertisement -

Hackers target not only money transfers. Employees are sometimes asked to hand over their personal details, bank account numbers, payroll/tax forms, or cryptocurrency wallets, which are then used for everything from theft to identity fraud.

FBI warns that BEC fraud is growing and evolving, targeting both small local businesses and larger corporations and personal transactions. The rise in incidents over the past few years has been attributed to the pandemic and more people working from home, leading more companies to do business remotely. The schemes generated $43 billion between 2016 and 2021, and last year saw BEC’s record-breaking cryptocurrency-related loss of $40 million.

- Advertisement -

Reports of BEC fraud have been reported in all 50 states and 170 countries. Most of the stolen funds are transferred to banks in Thailand and Hong Kong, as well as to China, Mexico and Singapore.

The FBI is advising people to turn on two-factor authentication for their email accounts to protect against BEC attacks. It also says to be wary of signs that an email may be phishing (typos in web addresses, etc.), refrain from providing login credentials or PII of any kind via email, and regularly check financial accounts for any irregularities.

Back in 2018, the US Department of Justice announced arrest of 74 people, 42 in the US and 29 in Nigeria, for participating in BEC schemes. This resulted in almost $2.4 million being seized and about $14 million returned in fraudulent wire transfers.