Business Email Compromise (BEC) is a targeted email fraud in which an attacker poses as someone the recipient has reason to trust: a colleague, a manager, or a supplier. The goal is to get the victim to wire funds to an attacker-controlled bank account or to pay a fraudulent invoice, usually under time pressure.
According to the FBI's Internet Crime Report, BEC scams cost companies $1.8 billion in 2020, more than any other category of cybercrime, including ransomware. Here are a few things you need to know about BEC to be able to withstand it.
Attackers use different approaches. One is to hijack a long-standing wire-transfer relationship with an existing supplier; another is to pose as a new partner, which makes the fraud harder to recognize because there is no payment history to compare against.
This is what happened to Google and Facebook between 2013 and 2015, when they fell victim to the largest known BEC, losing a combined $121 million. A fake company registered under the name "Quanta Computer", impersonating their real hardware supplier of the same name, sent both companies invoices, which were duly paid.
BEC is also known as CEO fraud, because attackers often impersonate senior executives to trick an employee into transferring money to an account they control or into revealing sensitive information. Authority combined with a sense of urgency is the catalyst behind the 432 combinations of phishing attack vectors that exploit human emotion. The attackers bet that a C-suite executive as the apparent sender guarantees the email gets the employee's attention and makes him fall into the trap without asking questions.
"We need the company to be funded properly and to show sufficient strength toward the Chinese. Keith, I will not forget your professionalism in this deal, and I will show you my appreciation very shortly." This is part of a carefully crafted fraudulent email sent to an employee of the Scoular Co. The criminals successfully impersonated his CEO, and the fake acquisition cost the company $17.2 million.
Once cybercriminals have chosen a target company, the real analysis begins. To gather as much information as possible, they map the corporate organization structure, including the names of executives and the employees who report to them, study the communication habits of key individuals, and may deliberately send spam to an executive's mailbox to learn from the auto-reply whether he is out of the office. This reconnaissance phase can last from a few days to a few months, and its aim is maximum credibility when the attackers finally act. Any earlier security breach can also prepare the ground for a successful scam.
In 2019, after suffering several earlier cyber-attacks, Toyota's parts subsidiary Toyota Boshoku ended up in a BEC incident. Knowing enough internal detail, the attackers convinced an employee to transfer $37 million to a foreign account that supposedly belonged to the company's European subsidiary. In other real-life cases the fraudulent email is followed up by a phone call from a person who sounds entirely credible and is there to clear up any concerns about the payment.
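The executive impersonation and foreign-account lures described above leave traces in the message headers that a mail gateway or SOC can check before the money moves. The following is an added example, not code from the original article or from any vendor mentioned on it: it applies four common BEC heuristics (an executive's display name arriving from an external domain, a Reply-To that diverts replies elsewhere, a look-alike domain one character away from a trusted one, and payment-plus-urgency wording) to raw messages. The domains, executive names and messages are constructed for illustration.

```python
"""Heuristic checks for executive-impersonation (CEO fraud) emails.

Added example for illustration; not the article's own code. All domains,
names and messages below are constructed.
"""
from __future__ import annotations

from email import message_from_string
from email.utils import parseaddr

# Assumed organisation data (constructed): our own mail domains and the
# display names an attacker is most likely to spoof.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVE_NAMES = {"Jane Doe", "Keith Smith"}
# Wording typical of the "pay this now, tell no one" lure.
LURE_KEYWORDS = ("urgent", "wire", "transfer", "invoice", "bank", "confidential")


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch look-alike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(raw: str) -> list[str]:
    """Return a list of human-readable BEC indicators found in a raw message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    hits: list[str] = []

    # 1. An executive's display name on mail that did not originate internally.
    if from_name.strip() in EXECUTIVE_NAMES and from_dom not in INTERNAL_DOMAINS:
        hits.append(f"executive display name '{from_name}' from external domain {from_dom}")

    # 2. Reply-To on a different domain: the employee's reply (and the wire
    #    details that follow) go to the attacker, not to the apparent sender.
    if reply_addr and _domain(reply_addr) != from_dom:
        hits.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {from_dom}")

    # 3. Look-alike domain one edit away from a domain we trust.
    for trusted in INTERNAL_DOMAINS:
        if from_dom != trusted and _edit_distance(from_dom, trusted) == 1:
            hits.append(f"look-alike domain {from_dom} (1 edit from {trusted})")

    # 4. Payment and urgency wording in subject or body (two or more keywords).
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + str(body)).lower()
    found = [k for k in LURE_KEYWORDS if k in text]
    if len(found) >= 2:
        hits.append("lure wording: " + ", ".join(found))

    return hits


# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Jane Doe <jane.doe@gmail-mail.test>
Reply-To: Jane Doe <jdoe.ceo@outlook.test>
To: keith@example.com
Subject: Urgent wire transfer

Keith, I need you to wire the funds today for the acquisition. Keep this confidential.
"""

LOOKALIKE = """\
From: Accounts Payable <ap@examp1e.com>
To: keith@example.com
Subject: Updated bank details for invoice 4471

Please use the new account on the attached invoice.
"""

LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: keith@example.com
Subject: Lunch on Thursday

Are you free Thursday?
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("look-alike", LOOKALIKE), ("legit", LEGIT)):
        print(label, "->", bec_indicators(sample) or "no indicators")
```

These checks are deliberately cheap and header-only, so they can run inline at the gateway; they complement, not replace, SPF/DKIM/DMARC enforcement and the out-of-band payment confirmation that stops the Toyota and Scoular style of fraud even when the email itself looks clean.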
Business Email Compromise exposes companies of all sizes to severe financial risk. There are, however, actions you can take to better prepare your employees, monitor your systems, and safeguard large financial transactions: