Emil Sayegh

Sep 22, 2015

Protect Yourself from Business Email Compromise (BEC) Fraud

Codero wants to let you know that the FBI has issued two warnings (here is the second) about a sophisticated scam called Business Email Compromise (BEC), which targets businesses working with foreign suppliers and businesses that regularly perform wire transfer payments.

The fraudsters compromise legitimate business e-mail accounts through social engineering or phishing, then conduct unauthorized transfers of funds. Most victims report losing money through wire transfers; others report that checks were used instead. Whichever payment method is most commonly associated with normal business practices is the one the fraudsters will use.


The Rise of BEC Fraud

The FBI reports that there has been a 270 percent increase in identified victims and exposed loss since January 2015, with victims in all 50 U.S. states and in 79 different countries. Between October 2013 and the end of August 2015, there have been more than 8,000 victims and nearly $800 million in exposed dollar loss. The FBI says the BEC exposed loss is over $1.2 billion once you factor in totals identified by international law enforcement agencies during this same time.

Networking firm Ubiquiti Networks recently said cyber thieves stole $46.7 million with this scam.

Most Common Method of Entry for BEC Fraud

The most common way fraudsters gain access to businesses’ money is through a phishing scam in which a victim receives an email that includes a malicious link, sent from a seemingly legitimate source. Once the victim clicks the link, malware is installed that gives the fraudsters access to usernames, passwords, and financial information.

Awareness Yields Prevention

Greater awareness of this scam has helped businesses detect it more accurately. Here are a few of the tips the FBI suggests to prevent this scam from impacting you:

  • Create intrusion detection system rules that flag emails with extensions similar to company e-mail.
  • Register all company domains that are slightly different than the actual company domain.
  • Confirm requests for transfers of funds.
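
The first tip, sketched as mail-filter logic that labels sender domains resembling the company's own. This is an added example, not code from Codero or the FBI; the domain `example-corp.com`, the substitution table, the distance threshold and the sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (constructed placeholder).
COMPANY_DOMAINS = {"example-corp.com"}
# Illustrative visual substitutions, not an exhaustive confusables table.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "-"})

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def skeleton(domain):
    """Fold look-alike characters so 'examp1e' and 'example' compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def classify(from_header, company=COMPANY_DOMAINS, max_dist=2):
    """Return 'internal', 'external', 'unparseable' or a 'lookalike:*' label."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return "unparseable"
    dom = addr.rpartition("@")[2].lower().rstrip(".")
    if any(dom == real or dom.endswith("." + real) for real in company):
        return "internal"
    for real in company:
        if skeleton(dom) == skeleton(real):
            return "lookalike:confusable"   # e.g. '1' for 'l', '_' for '-'
        if dom.rsplit(".", 1)[0] == real.rsplit(".", 1)[0]:
            return "lookalike:tld"          # same name, different extension
        if edit_distance(dom, real) <= max_dist:
            return "lookalike:edit"         # typo-style variation
    return "external"

# Constructed sample From headers, not taken from any real incident.
SAMPLES = ["Jane <jane@example-corp.com>", "CEO <ceo@examp1e-corp.com>",
           "ap@example-corp.co", "ap@exmaple-corp.com", "billing@supplier.net"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):22} {s}")
```

A fixed distance threshold produces false positives for short domain names, so tune `max_dist` to the length of the domain being protected.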

Additional information is available in a United States Department of Justice publication.

Thank you in advance for your attention to this issue. If you have questions or concerns, please contact us. We love hearing from you. We appreciate your business and are always here at your service!
