© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

FBI: ‘Business Email Compromise is a $ 55B business’


According to the FBI, Business Email Compromise (BEC) has approximately caused $ 55.5 billion in financial damages worldwide.

Business Email Compromise or BEC includes all sorts of email-related fraud, including CEO fraud and fake invoices. Whatever means cybercriminals use, the goal is always to get the victim to transfer money to the scammer’s banking account.

BEC fraud is usually carried out with compromised corporate email accounts. For example, when a hacker gains access to an email account of an executive manager of a company because he uses a weak password, or hasn’t enabled multi-factor authentication (MFA) to protect his account.

Other means of getting hold of an email account are spoofing and typosquatting. By using specialized software, attackers can spoof an email address to resemble a genuine one. With typosquatting, cybercriminals register domains that look like those of a legitimate organization. Both methods are designed to make it as hard as possible for potential victims to notice they are being defrauded.

Scammers use compromised or spoofed email accounts to send malicious emails in order to steal money from gullible targets. For example, fraudsters pose as a supplier and ask customers to pay an unpaid invoice. Or they claim that the banking account of their company has changed. Money that’s being transferred then goes to accounts that are controlled by the scammers.

According to the FBI, BEC fraud continues to target both small local businesses and larger corporations. Data from the FBI’s Internet Crime Complaint Center (IC3) shows that BEC scams have been reported in 186 countries, with over 140 countries receiving fraudulent transfers. International banks located in the United Kingdom and Hong Kong often act as an intermediary stop, followed by China, Mexico and the United Arab Emirates (UAE).

Between October 2013 and December 2023, BEC fraud has caused almost $ 55.5 billion in damages globally. Between December 2022 and December 2023, the number of BEC scams grew 9 percent.

“If you discover a fraudulent transfer, time is of the essence. Immediately contact your financial institution and request a recall of the funds along with any necessary indemnification documents,” the FBI points out in a public service announcement.

IC3 recommends entrepreneurs to use secondary channels or MFA to verify requests for changes in account information. In order to protect your email account, it’s best to use unique passwords for every online service and to change them regularly.

In addition, IC3 advises to be alert for hyperlinks that may contain misspellings of the actual domain name. Don’t ever send login credentials or personally identifiable information (PII) via email, and monitor your personal financial accounts on a regular basis for irregularities.


Leave a Reply

Your email address will not be published. Required fields are marked