Cybercrooks take new approach to BEC: Ways to stay safe

Last year, the U.S. saw an “unprecedented” increase in malicious cyber activity, such as business email compromise (BEC). Crooks tried to gain access to W-2 info and other valuable data that employers possess. That’s according to the latest info from the FBI.

In 2021, the FBI’s Internet Crime Complaint Center (IC3) received 847,376 complaints – a 7% increase from 2020. Potential losses to businesses and the general public reached nearly $7 billion.

Once again, BEC was one of the top incidents reported to IC3.

But now, scammers have come up with some new and convincing ways to get your money, as revealed in the 2021 FBI Internet Crime Report.

New videoconferencing method

During the COVID-19 pandemic, in-person meetings got shut down, and telework and virtual communication skyrocketed. Cyber adversaries seized on that opportunity for business email compromise. Here’s how:

First, they compromised a CFO or CEO email and then used the email to request that employees participate in virtual meeting platforms. Next, the fraudsters inserted a still picture of the CFO or CEO with no audio or a “deep fake” audio. They’d claim the audio or video wasn’t working properly.

Finally, over the virtual meeting platform, the cyberthieves would give verbal instructions for employees to initiate wire transfers, or they’d communicate the request through the compromised email.

4 steps you can take

So, how can you protect your company from BEC schemes like this, so you don’t fall victim to cyberattacks?

1. Contact your bank as soon as you find fraud. Request a recall or reversal. Ask for a Hold Harmless Letter or Letter of Indemnity.
2. File a detailed complaint with IC3.
3. Visit www.ic3.gov for public service announcements on new schemes.
4. Don’t make any payment changes without verifying with the intended recipient first. Plus, double-check that email addresses are accurate, especially when using cell phones or other mobile devices.