BEC – A billion-dollar scam

A Federal Bureau of Investigation (FBI) public service announcement alert indicates $26 billion has been lost from business email compromise (BEC) schemes between June 2016 and July 2019. This total is from actual victim complaints reported to the FBI’s Internet Crime Complaint Center (IC3).

BEC is a cyber-criminal scheme targeting businesses that make legitimate transfer-of-fund or wire transfer requests.  Someone will compromise these accounts through social engineering or computer invasion and conduct unauthorized transfers of funds.  BEC attackers often target those in a business responsible for sending payments, using spoof accounts to impersonate the company C-suite or a supplier and requesting money transfers. Still another variation involves asking for employees’ personally identifiable information or Wage and Tax Statement (W-2) forms.  Recently, an increasing number of BEC complaints submitted to IC3 also concern the diversion of payroll funds.  A company’s human resources or payroll department receives spoofed emails appearing to be from employees requesting a change to their direct deposit account. This new direct deposit information generally leads to a pre-paid card account. BEC scams can also involve fraudulent requests for checks.

According to the FBI, this type of fraud continues to grow and evolve by targeting small, medium and large business transactions.  Statistical data indicates a 100 percent increase in identified global exposed losses between May 2018 and July 2019.  The scam has been reported in all 50 states and 177 countries.

 

continue reading »