Business email compromise: 3 things you don’t know that could cost you
You know how it works: One of your finance staffers receives an email from your CEO urging him to make an immediate wire transfer. He complies … and your company just fell victim to the classic business email compromise (BEC) scam. Well …
Turns out this fraud is evolving as fast as employers can keep up. But fall behind and you’re bound to be a statistic.
A new report by the Treasury Department sheds light on what BEC looks like today so you can stay one step ahead.
1. BEC is way more rampant – and expensive – than you think
The FBI estimates that BEC cost U.S. companies $1.2 billion last year. Certainly nothing to blow off.
But it’s actually more like triple that number. The Treasury report estimates BEC costs companies $301 million a month, totaling $3.6 billion in 2018.
And plenty of your peers are getting hit. The Treasury Department says an average of 1,100 businesses fall for this scam each month.
Those numbers should really open some eyes for anyone in your organization who might think a BEC scheme is only a remote possibility for you.
If the FBI can underestimate the toll this fraud is taking on businesses, you can bet that’s happening in companies as well.
Use these updated numbers to impress upon everyone from the rest of the c-suite to your front line finance and accounting staffers that the stakes are too high not to devote the time and effort to training, email security factors, etc.
2. New industries are being targeted now
While any company could fall victim to a BEC scam, some industries have felt the brunt more than others.
For example, In the past, manufacturing and construction took the brunt of the hits: This industry accounted for one-quarter of all BEC scams in 2018.
But the targets are shifting.
The report shows that several new industries are being hit hard by BEC, including real estate and commercial services (shopping centers, entertainment facilities and lodging).
Reminder: Any type of organization is vulnerable. And the threats are ever-evolving: As one target becomes more aware, and therefore harder to fool, crooks will shift gears quickly.
3. The spoofed exec is no longer the main way in
That goes for the carrot crooks dangle, too.
Those emails allegedly coming from your CEO or even you? They’re being replaced by one from one of your trading partners. A phony invoice purporting to be from a legitimate supplier is now the No. 1 start to the scam.
That’s because it’s working! The average transaction amount for BECs impersonating a vendor or client invoice is $125,439, vs. $50,373 when impersonating a CEO, according to the Treasury report.
Since no one’s associating that approach with BEC, more employees are falling for it.
Time to update staffers’ vision of what BEC looks like today now … before your money goes out the door.
Free Training & Resources
White Papers
Provided by Anaplan
Webinars
Provided by Yooz
Further Reading
About 90% of U.S. companies were targeted by cyber‑fraud last year – almost a 25% increase from the previous year. The rise doesn...
“It’s not right, but it is a reality. … You don’t get a lot of budget attached to (vendor setup and maintenance tra...
Non-bank financial institutions are facing a double whammy, courtesy of the Consumer Financial Protection Bureau (CFPB). A new federal...
Cybercriminals have zeroed in on finance, where every click can move real money. In fact, 79% of companies experienced an attempted or actu...
Check fraud is on the rise again. The U.S. Postal Service just alerted financial institutions that check fraud DOUBLED from 2021 to 2022. ...
If you’re lucky, the only kind of employee theft you’ll have to worry about at your company is parents swiping office supplies ...