According to a report by the Financial Crimes Enforcement Network (FinCEN) released in July, financial institutions have incurred more than $9 billion in losses due to Business Email Compromise (BEC) schemes since 2016. With such staggering losses, businesses and even individuals can’t afford to ignore BEC attacks.
What is BEC?
BEC fraud involves cyber thieves posing as company executives or business contacts with the intent to commit wire transfer fraud or obtain sensitive information. The main targets are businesses that work with foreign suppliers or that carry out regular wire-transfer payments.
To carry out this attack, criminals might pretend to be the company CEO and ask a junior staff member to perform a task for them, such as transferring funds. Attackers take advantage of the fact that most organizations don’t have a set procedure to verify instructions received from top management.
How Attackers Collect Data from their Targets
Cyber criminals use various techniques to carry out BEC fraud, with the main aim of stealing funds from the victims. The techniques used include:
How to Avoid BEC Attacks
It is difficult for conventional security systems to detect BEC schemes. Consider a case in which a transaction is initiated willingly by a legitimate user in response to a request that appears to come from a legitimate source. Such an email carries no payload, such as a malicious attachment, that can be blocked.
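With no payload to scan, screening has to rely on who a message claims to be from and what it asks for. The following is an added example, not taken from the FinCEN report or any product: it flags mail that pairs an identity mismatch with a payment request. The company domain, executive names, payment terms and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: company domain, executive names, payment wording.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
PAYMENT_TERMS = ("wire transfer", "transfer funds", "bank details", "invoice", "payment")

# Constructed sample messages (single-part plain text).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Subject: Urgent wire transfer

Please transfer funds to the new supplier account today.
"""
REPLY_TO = """From: John Smith <john.smith@example.com>
Reply-To: john.smith@mailbox.test
Subject: Payment

Send the payment today and reply with confirmation.
"""
GENUINE = """From: Jane Doe <jane.doe@example.com>
Subject: Invoice approval

The supplier invoice is approved for payment on the usual schedule.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_signals(raw_message):
    """List the reasons a message looks like an impersonated payment request."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    signals = []
    if display_name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        signals.append("executive name on external address")
    if reply_domain and reply_domain != from_domain:
        signals.append("reply-to domain differs from sender domain")
    # Payment wording alone is normal business mail; it counts only with an identity signal.
    if signals and any(term in text for term in PAYMENT_TERMS):
        signals.append("payment request")
    return signals

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("reply-to", REPLY_TO), ("genuine", GENUINE)):
        print(name, bec_signals(raw))
```

A message that returns a "payment request" signal is a candidate for being held until the instruction is confirmed through a separate channel.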
Here are some methods to help reduce the possibility of these attacks:
Apart from taking precautionary measures, businesses should also make sure that their insurance specifically covers BEC attacks, as courts might interpret policies differently. Consider the case of Apache Corporation, which lost $7 million due to a BEC attack. The judge ruled that since the money was sent to pay a legitimate invoice to the wrong bank, it was not covered by their insurance policy.
Note that a majority of these criminals are from countries that might not have strict laws on cybercrime, making it difficult to have them prosecuted.
So, whether you run a small, medium or large business, or even a personal account, it’s vital that you take precautionary measures against the growing number of BEC schemes.