According to the 2020 Internet Crime Report by the FBI, BEC (Business Email Compromise) scams resulted in a loss of nearly 2 billion dollars last year. The FBI’s Crime Complaint Centre received over 19,000 reports of BEC scams in 2020, which accounted for 45% of the total losses reported to the Bureau. To put these losses in perspective, the second most costly scam that was reported resulted in losses of 600 million dollars in 2020.
These monetary losses are detrimental to a business – especially during a global pandemic where consumer spending is at an all-time low. What is even more terrifying is that many cybercrimes go unreported, which means the actual losses are likely to be even higher.
At Anti Fraud News we’re here to help you stay ahead of online scams. Here we’ll discuss what a BEC scam is and how to avoid falling for a scam like this.
What Is A BEC Scam?
A BEC scam targets companies with international suppliers that need to conduct wire transfers to pay for their services. The scammers usually send phishing emails to the employees of a company who handle payments. The phishing email makes use of social engineering techniques to trick the receiver into believing the email is from an executive of their company, and that the request is urgent. The victim of the scam then erroneously makes the wire transfer, resulting in huge monetary losses for the company.
The Different Types Of BEC Scams
According to the FBI, there are 5 different types of BEC scams to look out for:
1. The Fake Invoice Scam
Here the scammer pretends to be one of the company’s foreign suppliers and requests payment of a fake invoice. The invoice details appear to match those of one of the company’s suppliers, so the invoice gets paid by mistake. When the real supplier queries their payment, the company realizes an error has been made.
2. CEO Impersonator Scam
The scammer pretends to be the company CEO and asks the finance department to make a payment into an account that is controlled by the scammer. Since the employee believes the CEO is making the request, they make the payment in error.
3. Email Account Hacking Scam
In this type of scam, the email account of an employee gets hacked and is used by the scammer to request payments to vendors. These vendors then unknowingly make payments to the scammer’s account.
4. Data Theft Scam
Accounting and HR employees are targeted for data theft through a phishing scam. The phishing email gets these employees to enter their personal data or tax statements, which can then be used for future cyber attacks on the company.
5. Lawyer Impersonator Scam
Scammers will send an email pretending to be a lawyer doing work for the company. The email often asks for confidential information that can be used against the company.
How To Protect Your Employees From BEC Scams
Because these email scams don’t include malicious links or malware, they can often get through security software that is meant to protect your employees from receiving phishing emails. The best way to protect your employees against these types of scams is through training and education. Consider phishing workshops and sending test emails to ensure your employees understand the best steps to take when they receive an email they are concerned about.
Make use of these FBI tips to avoid falling for BEC scams:
- Always be cautious of unexpected changes in payment details or instructions from your suppliers.
- Reach out directly for confirmation if you receive an unexplained urgent request regarding payment.
- Verify vendor contact information rather than trusting information received via email.
- Always look out for grammatical errors in suspicious emails.
- Pay attention to detail when confirming account details and contact details – there could be a slight detail change that confirms it’s a scam address.
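The last tip can be partly automated. The sketch below is an added example, not code from the FBI or from this blog: it compares the From address of an incoming email against vendor contacts already on file and flags addresses that differ only slightly. The addresses, the `CONTACTS_ON_FILE` set and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: vendor contact addresses already verified out of band.
CONTACTS_ON_FILE = {
    "billing@acme-supplies.example",
    "dispatch@globalfreight.example",
}

# A few common visual substitutions; illustrative, not an exhaustive table.
_DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "5": "s"})


def skeleton(address):
    """Fold look-alike characters so visually similar addresses compare equal."""
    folded = address.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(_DIGIT_SWAPS)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(raw_message, on_file=CONTACTS_ON_FILE, max_edits=2):
    """Return (verdict, on-file address it resembles or None) for the From header."""
    sender = parseaddr(message_from_string(raw_message).get("From", ""))[1].lower()
    if sender in on_file:
        return "on-file", sender
    for known in sorted(on_file):
        if skeleton(sender) == skeleton(known) or edit_distance(sender, known) <= max_edits:
            return "lookalike", known
    return "unknown", None


if __name__ == "__main__":
    # Constructed messages: the second swaps "m" for "rn" in the domain.
    for frm in ("billing@acme-supplies.example", "billing@acrne-supplies.example"):
        print(frm, classify_sender(f"From: Acme Billing <{frm}>\nSubject: Invoice\n\nHi"))
```

An "on-file" verdict only means the address text matches a known contact; it does not prove who sent the email, so changes to payment details still need to be confirmed directly with the vendor.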
Be vigilant and keep checking our anti-scam blog for the latest in anti-fraud news!