Business email compromise (BEC) / email account compromise (EAC) is a scam in which a combination of social engineering and computer intrusion techniques is used to obtain a transfer of funds from an organization. Lately, sophisticated, targeted social engineering and compromised email accounts have been used to conduct these attacks. According to the FBI, the scam has been reported in all 50 US states and in 150 countries. Additionally, between December 2016 and May 2018, there was a 136% increase in identified global exposed losses.
In the report, the FBI singles out the real-estate sector as the area with the largest increase in targeting. The report also notes that small, medium, and large businesses are all being targeted.
Since 2015, Proficio has worked with clients that have been targets of various BEC scams. What Proficio has observed is that impersonation of executives is common, and that finance and human resource departments are frequent targets of the scam.
Although the scams themselves were known, what was not known was their impact and how profitable they could be for the parties performing the attacks. According to the FBI report, between October 2013 and May 2018, over 78,000 reported incidents accounted for over $12,000,000,000 in losses.
Because losses from these attacks are now in the billions of dollars, and attackers will therefore have both the resources and the motive to continue them, organizations should pay close attention to this class of attack going forward.
Proficio Threat Intelligence Recommendations:
- Place additional checks and balances with procedures for wire transfers performed on behalf of the organization.
- Deploy additional targeted phishing-awareness training for key executives and for individuals in the finance and human resources departments.
- Report activity to the FBI if a successful BEC happens.
Public Service Announcement – Click Here