Business E-mail Compromise (BEC), also known as Email Account Compromise or CEO Fraud, is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.
The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering/phishing or computer intrusion techniques to conduct unauthorized transfers of funds.
The scam may not always be associated with a request for transfer of funds. A variation of the scam involves compromising legitimate business e-mail accounts to obtain any personal or valuable information that may lead to account takeover or identity theft.
According to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3), there was a 136% increase in identified global exposed losses between December 2016 and May 2018 from BEC cases. The dramatic increase brings the total domestic and international exposed dollar losses to US$12.5 billion. The amount represents both money that was actually lost by victims and money they could have lost had they taken the bait. Further, such scams have been observed in 50 U.S. states and 150 countries, with money being sent to 115 countries. The top destinations for money generated by BEC scams are Asian banks in China and Hong Kong, but a significant number of schemes involve financial organizations in the U.K., Mexico and Turkey.
How does Business Email Compromise work?
BEC scams often begin with the cybercriminal compromising a company's email account. This is usually done with keylogger malware or phishing, where attackers register a domain that closely resembles the targeted company's, or send a spoofed email that tricks the target into providing account details, for example a lookalike domain in which the letter o is replaced with the digit 0.
The following are two popular variations of the scam:
CEO Fraud - CEO/CFO/COO or any high ranking executive's email is hacked and used to instruct fund transfer requests.
Invoice Fraud/Supplier Fraud - involves a business that has an established relationship with a supplier. The fraudster compromises the supplier’s email account then asks to wire funds for invoice payment to an alternate, fraudulent account via spoofed email, telephone, or facsimile.
Image Source: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/business-email-compromise-bec-schemes
How to avoid being a victim of Business Email Compromise?
Educate your employees about this fraud type and how it works.
Protect your online environment. Encrypt sensitive data and ensure that your company's anti-malware/anti-virus systems are always up to date.
Don’t open any email from unknown parties. If you do, do not click on links or open attachments as these often contain malware that accesses your computer system.
Be suspicious of requests for secrecy or urgency, and of emails that request all correspondence stay within the same email thread, such as “only use Reply, not Forward”.
Be suspicious of emails that use open source email services such as Gmail or Yahoo when your client normally sends correspondence from a company domain.
Look carefully for small changes in email addresses that mimic legitimate email addresses. For example, company.co versus company.com.
If the request is from a vendor/supplier, check for changes to business practices, such as how invoices were received. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through known, official and previously used correspondence as the request could be fraudulent.
Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers, alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.
Do not post sensitive information on social media and company websites. Cybercriminals conduct intensive research and prey on the email accounts that they think can be most easily compromised.
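Several of the tips above (lookalike domains such as company.co versus company.com or the letter o swapped for the digit 0, a contact suddenly writing from public webmail, and wording that demands urgency, secrecy or "only use Reply") can be checked mechanically before a message reaches the person who would act on it. The script below is an added example written for this page, not code from the original article or any vendor; the trusted-domain list, the indicator phrases and the sample messages are all constructed for illustration, and a real deployment would load them from configuration and feed the findings to a human reviewer rather than treating them as a verdict.

```python
"""Flag inbound mail that shows the BEC indicators described in the tips above.

Added example, not code from the original article. TRUSTED_DOMAINS,
PRESSURE_PATTERNS and SAMPLE_MESSAGES are constructed for illustration.
"""
from __future__ import annotations
import re

# Constructed: domains this organisation legitimately corresponds with.
TRUSTED_DOMAINS = {"company.com", "supplier-inc.com"}

# Public webmail providers. A contact who normally writes from a company
# domain but suddenly mails from one of these is a warning sign.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Character swaps used to build look-alike domains (letter o vs digit 0, etc.).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Wording that pushes for urgency, secrecy or keeping everything in one thread.
PRESSURE_PATTERNS = [
    r"\burgent(?:ly)?\b", r"\bimmediately\b", r"\bconfidential\b",
    r"\bkeep this between us\b", r"\bdo not forward\b", r"\bonly use reply\b",
    r"\bnew (?:bank|account) details\b", r"\bwire\b",
]


def normalise(domain: str) -> str:
    """Undo homoglyph substitutions so that c0mpany.com collapses to company.com."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit away from a trusted name usually means a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> str | None:
    """Return the trusted domain that `domain` imitates, or None if it is
    either trusted itself or not close to anything trusted."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return None
    d_label, _, d_tld = d.rpartition(".")
    for trusted in TRUSTED_DOMAINS:
        t_label, _, t_tld = trusted.rpartition(".")
        if normalise(d) == trusted:                 # c0mpany.com, cornpany.com
            return trusted
        if d_label == t_label and d_tld != t_tld:   # company.co vs company.com
            return trusted
        if edit_distance(d_label, t_label) == 1:    # companny.com
            return trusted
    return None


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def triage(message: dict) -> list[str]:
    """Return the BEC indicators found in one message; an empty list means none."""
    findings: list[str] = []
    sender = domain_of(message["from"])
    reply_to = domain_of(message.get("reply_to") or message["from"])

    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"From domain {sender} imitates trusted domain {imitated}")
    if reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
        imitated = lookalike_of(reply_to)
        if imitated:
            findings.append(f"Reply-To domain {reply_to} imitates trusted domain {imitated}")
    if sender in FREEMAIL_DOMAINS:
        findings.append(f"sender uses public webmail ({sender})")

    body = message.get("body", "").lower()
    hits = [p for p in PRESSURE_PATTERNS if re.search(p, body)]
    if hits:
        findings.append(f"pressure/secrecy wording: {len(hits)} pattern(s) matched")
    return findings


# Constructed sample messages, as a mail gateway or SOC script might see them.
SAMPLE_MESSAGES = [
    {"from": "cfo@company.com", "body": "Attached are the Q3 figures we discussed."},
    {"from": "cfo@c0mpany.com",
     "body": "I need an urgent wire sent before noon. Keep this between us and only use Reply."},
    {"from": "billing@supplier-inc.com", "reply_to": "billing@supplier-inc.co",
     "body": "Please update your records with our new bank details for invoice 4471."},
    {"from": "jane.doe@gmail.com",
     "body": "Hi, this is Jane from Supplier Inc, sending from my personal account today."},
]


def triage_all(messages=SAMPLE_MESSAGES) -> dict[str, list[str]]:
    """Map each sender address to its list of findings."""
    return {m["from"]: triage(m) for m in messages}


if __name__ == "__main__":
    for sender, findings in triage_all().items():
        print(("FLAG " if findings else "ok   ") + sender)
        for f in findings:
            print("      - " + f)
```

The checks are deliberately cheap string comparisons so they can run inline on every inbound message; the lookalike test normalises homoglyphs before comparing, then catches a changed top-level domain and a single-character typo separately, because each of those evades the other two tests. The pressure-wording list will also fire on legitimate mail that happens to mention a wire, which is why the output is a set of indicators for the verification step the tips recommend, not an automatic block.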