CEO Fraud, or Business Email Compromise (BEC) scams, target businesses that regularly conduct wire transfers. The incidence of these cyber scams has increased by 33% since 2020, according to a new report by the FBI. This rise, as Alan Suderman reports at Fortune, saw losses at U.S. organizations in 2021 reach nearly $2.4 billion.
The attack is straightforward and remarkably successful. The scammer gains access to an email account belonging to one of your employees (often from the finance department) and accesses your vendor accounts. The scammer sends a fraudulent request for a wire transfer payment, and the vendor is tricked into sending money to an account controlled by the scammer.
Suderman reports that, although BEC scams receive less attention than the huge ransomware attacks that have triggered government response and new regulations, BEC scams have been the costliest cybercrime in the U.S. for years. Even sophisticated organizations can fall victim to BEC scams; the huge payoffs and low risks associated with BEC scams have attracted criminals worldwide.
The FBI urges organizations to follow the steps below to avoid becoming a victim of BEC scams. Urge your team to be on the lookout for the following:
- Emails and phone calls to employees with requests for their account username and/or password
- An email address that has slight variations from the legitimate address (e.g., firstname.lastname@example.org instead of email@example.com)
- Unusual requests from a supplier to make a wire transfer (e.g., requests to bypass normal payment procedures or to only communicate by email)
- Check and double-check the owner of the email address. You can easily do this by clicking on the email address in the email header to identify the sender (e.g., the sender looks like firstname.lastname@example.org; however, when you click on the email address, it looks like email@example.com)
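The address checks in the list above (a sender address that varies slightly from the legitimate one, and a displayed sender that does not match the real address) can also be run automatically over incoming mail. The Python example below is added here and is not part of the original article or the FBI guidance; the trusted-domain list, the two-edit threshold, the Reply-To comparison and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of vendors you already pay (constructed values).
TRUSTED_DOMAINS = {"supplier.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(address):
    return address.rpartition("@")[2].lower()

def check_sender(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings about the sender of one raw message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = domain_of(addr)
    warnings = []
    # The visible name shows one address, the real sender is another.
    if "@" in display and display.strip().lower() != addr.lower():
        warnings.append("display-name-mismatch")
    # The domain is not a known vendor but is within two edits of one.
    if domain not in trusted:
        for good in sorted(trusted):
            if 0 < edit_distance(domain, good) <= 2:
                warnings.append("lookalike-domain:" + good)
    # Replies would go to a different domain than the apparent sender.
    if reply_to and domain_of(reply_to) != domain:
        warnings.append("reply-to-domain-differs")
    return warnings

# Constructed sample messages, not taken from a real incident.
LEGIT = "From: Accounts <accounts@supplier.example>\nSubject: Invoice 1001\n\nSee attached.\n"
SPOOF = ('From: "accounts@supplier.example" <accounts@suppl1er.example>\n'
         "Reply-To: pay@mailbox.test\nSubject: Updated bank details\n\nPlease wire today.\n")

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOF", SPOOF)):
        print(name, check_sender(raw))
```

A warning from this check is a reason to verify the request through a known phone number before paying, not proof of fraud on its own.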
Report a BEC Attack
- Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent
- Next, contact your local FBI field office to report the crime
- Also, file a complaint with the FBI’s Internet Crime Complaint Center (IC3)
Cybersecurity threats are always evolving and extend well beyond the business enterprise, affecting many aspects of our daily lives. To take preventative steps and implement ongoing Security Awareness Training at your organization, contact Radiant Resources today.