A recent investigative study by the Better Business Bureau (BBB) has discovered that business email compromise scams are skyrocketing in frequency and have cost businesses and other organizations more than $3 billion since 2016.
Business email compromise (BEC) fraud is an email phishing scam that typically targets people who pay bills in businesses, government, and nonprofit organizations. It affects both big and small organizations, and it has resulted in more losses than any other type of fraud in the U.S., according to the FBI.
BEC fraud takes many forms, but in essence, the scammer poses as a reliable source who sends an email from a spoofed or hacked account to an accountant or chief financial officer, asking them to wire money, buy gift cards, or send personal information, often for a plausible reason. If money is sent, it goes into an account controlled by the con artist.
Businesses and other organizations should take technical precautions such as multi-factor authentication for email logins and other changes in email settings, along with verifying changes in information about customers, employees, or vendors. The BBB report also urges culture and training changes in organizations – namely, confirming requests by phone before acting, and training all employees in internet security.
If an organization finds that it has been a victim of BEC fraud, it should immediately call its bank to stop the payment and report it to the FBI. If a report is filed within 48 hours, there is a chance the money can be recovered. Complaints should be filed with the FBI’s Internet Crime Complaint Center (IC3). IC3 also asks people to report unsuccessful BEC attempts; this information may help establish patterns or identify mule bank accounts.