Business email compromise: 3 things you don’t know that could cost you

You know how it works: One of your finance staffers receives an email from your CEO urging him to make an immediate wire transfer. He complies … and your company just fell victim to the classic business email compromise (BEC) scam.  Well …

Turns out this fraud is evolving as fast as employers can keep up. But fall behind and you’re bound to be a statistic.

A new report by the Treasury Department sheds light on what BEC looks like today so you can stay one step ahead.

1. BEC is way more rampant – and expensive – than you think

The FBI estimates that BEC cost U.S. companies $1.2 billion last year. Certainly nothing to blow off.

But it’s actually more like triple that number. The Treasury report estimates BEC costs companies $301 million a month, totaling $3.6 billion in 2018.

And plenty of your peers are getting hit. The Treasury Department says an average of 1,100 businesses fall for this scam each month.

Those numbers should really open some eyes for anyone in your organization who might think a BEC scheme is only a remote possibility for you.

If the FBI can underestimate the toll this fraud is taking on businesses, you can bet that’s happening in companies as well.

Use these updated numbers to impress upon everyone from the rest of the c-suite to your front line finance and accounting staffers that the stakes are too high not to devote the time and effort to training, email security factors, etc.

2. New industries are being targeted now

While any company could fall victim to a BEC scam, some industries have felt the brunt more than others.

For example, In the past, manufacturing and construction took the brunt of the hits: This industry accounted for one-quarter of all BEC scams in 2018.

But the targets are shifting.

The report shows that several new industries are being hit hard by BEC, including real estate and commercial services (shopping centers, entertainment facilities and lodging).

Reminder: Any type of organization is vulnerable. And the threats are ever-evolving: As one target becomes more aware, and therefore harder to fool, crooks will shift gears quickly.

3. The spoofed exec is no longer the main way in

That goes for the carrot crooks dangle, too.

Those emails allegedly coming from your CEO or even you? They’re being replaced by one from one of your trading partners. A phony invoice purporting to be from a legitimate supplier is now the No. 1 start to the scam.

That’s because it’s working! The average transaction amount for BECs impersonating a vendor or client invoice is $125,439, vs. $50,373 when impersonating a CEO, according to the Treasury report.

Since no one’s associating that approach with BEC, more employees are falling for it.

Time to update staffers’ vision of what BEC looks like today now … before your money goes out the door.