Monday, January 18, 2021

What is Business Email Compromise (BEC) Fraud


Business email compromise (BEC) is a type of internet fraud in which attackers impersonate top-level executives, redirect funds, and steal invaluable data from organizations.

At the low end of the scale, BEC scams do not require a sophisticated technical skill set from attackers. Everyday email is a major tool exploited to defraud businesses of a lot of money.

The threat of BEC scams is still largely unknown, yet it is emerging across the globe. There have been several attacks, with victims ranging from individuals to large corporations.

In 2017, the US Federal Bureau of Investigation (FBI) reported that 22,143 victims all over the world had fallen for BEC scams since January 2015. The FBI also assessed that BEC scams increased by 1,300% from January 2015 to June 2016.

BEC scams take on different forms. The most common ones are:

  • The ‘CEO fraud’ – This is the classic BEC scam, where an attacker hacks the email of the Chief Executive Officer or another top-level executive and asks the employees in charge of funds to transfer money into the attacker’s account.
  • The bogus invoice scam – The attacker hacks the email of a supplier and sends its customers fake payment requests containing the attacker’s banking details. This is common in businesses with foreign suppliers.
  • Lawyers’ impersonation – Hackers impersonate law firms that are in charge of valuable and classified information of the target company. Fraudsters often request funds transfers and tag the request as ‘classified’.
  • Data theft – This type of BEC scam is usually conducted in preparation for a greater level of fraud. It involves requesting sensitive information and biodata from employees in departments like Human Resources and Accounts.
  • Compromised email account – An email account is hacked and used to send payment requests to its business and organizational contacts.

The processes by which the various types of BEC scams are conducted differ in their level of complexity; some require more advanced technical expertise than others.

Noteworthy instances include the use of criminal malware to attack businesses and the setting up of one-time-use Gmail accounts for impersonation.

BEC attacks can be perpetrated by anyone from anywhere in the world, which makes it difficult to track the funds. The proceeds of this criminal activity are laundered to cover the attackers’ tracks.

In order to prevent BEC scam attacks, several solutions are available for organizations to implement.

In cases of impersonation – encompassing CEO fraud, lawyers’ impersonation, and the bogus invoice scam – policies should be put in place that require further identity verification, such as a phone call or, better still, a face-to-face confirmation.

Good anti-malware software and technologies such as DMARC, SPF, and DKIM should be in place to help protect against BEC.
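An added example (not part of the original article) showing why SPF, DKIM and DMARC verdicts need to be paired with an impersonation check: a message from a throwaway free-mail account passes all three for its own domain. The organisation domain, executive name, `freemail.example` provider and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
EXECUTIVES = {"jane doe"}    # assumption: display names worth protecting

def auth_results(msg):
    """Read spf/dkim/dmarc verdicts from Authentication-Results.
    Only trust this header when your own receiving server added it."""
    header = " ".join(msg.get_all("Authentication-Results", [])).lower()
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))
    return {m: found.get(m, "none") for m in ("spf", "dkim", "dmarc")}

def bec_flags(raw):
    """Return the reasons a message deserves out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    flags = [f"{m}={r}" for m, r in auth_results(msg).items() if r != "pass"]
    # Authentication proves the domain, not the person: a free-mail account
    # using an executive's name passes SPF, DKIM and DMARC for its own domain.
    if name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        flags.append("executive display name from external domain")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        flags.append("Reply-To domain differs from From domain")
    return flags

# Constructed sample messages (not real traffic); freemail.example stands in
# for a free webmail provider.
LOOKALIKE = (
    'From: "Jane Doe" <jane.doe.ceo@freemail.example>\n'
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=freemail.example;"
    " dkim=pass header.d=freemail.example; dmarc=pass header.from=freemail.example\n"
    "Subject: Urgent wire transfer\n\nPlease pay today.\n"
)
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Reply-To: payments@mailer.invalid\n"
    "Authentication-Results: mx.example.com; spf=softfail"
    " smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.com\n"
    "Subject: Updated bank details\n\nUse the new account.\n"
)

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED)):
        print(label, bec_flags(raw))
```

Any non-empty result is a cue to apply the phone or face-to-face verification policy described above before acting on a payment request.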

As developers improve anti-malware technologies, attackers are also improving their techniques. This puts the future of BEC scams in a tug of war, so email users must stay alert as potential targets.
