Business Email Compromise (BEC) and Email Account Compromise (EAC) attacks are scams which include schemes such as Social Engineering Fraud or Berkley Crime’s coined term (Corporate Deception Fraud). By whatever name, losses are occurring when malicious actors (fraudsters) trick an individual into making a transfer of company funds.
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center released its 2020 Internet Crime Report stating BEC and EAC complaints hit a record high in 2020 with nearly 20,000 complaints accounting for $1.8 billion in adjusted losses. During this cultivated scam, both business and personal emails are compromised through a social engineering or computer intrusion approach in order for the fraudster to manipulate unapproved fund transfers.
In 2013, the scams began with hacking or spoofing chief executive officers’ or chief financial officers’ email accounts Once the information the fraudsters are looking is obtained, the fraudsters then impersonate individuals in communications between vendors and customers in order to redirect legitimate payments to fraudulent bank accounts. As a result, a successful email account compromise at one business can hinge on numerous victims within an industry.
Just last month, a Powder Springs man was indicted for allegedly defrauding a Pennsylvania university out of $2M. The scam began with a fraudulent email that was sent to the unidentified university supposedly from a medical supply company. The fraudulent email apparently had ACH (Automated Clearing House) instructions that directed school officials to transfer payments to an account that allegedly belonged to the medical supply company which actually went to a bank account controlled by the fraudster. Once the funds were received, the 34-year-old Powder Springs man moved the money from that bank account to other bank accounts associated with his logistics company. Some of the funds were sent to Kenya as well as to other people associated with him.
On April 20, 2021 the 34-year-old Powder Springs’ man was indicted by a federal grand jury.
To read the full article click here.
Other Source: FBI Internet Crime Complaint Center – https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
Prevent This From Happening To YOU!
Using fraud prevention best practices and processes for BEC can help protect your company and reduce the risk of loss. Below are a few quick tips which may help in protecting yourself and your business from business email compromise:
- Provide training for employees to help recognize business email compromise and/or phishing schemes.
- Have your company create intrusion detection system rules that will flag emails with extensions that are similar to company email.
- Provide security by requiring additional two-factor authentication for payment verification.
- Report and delete unsolicited email from an unknown party.
- Always make a callback to a known employee at a vendor when payment instructions are changed.
To learn more about protection yourself click here.
Make Sure Your Clients Take a Proactive Approach To Protecting Their Business Should a Loss Occur
Make sure your clients have crime insurance. Take the steps to ensure that your clients are covered by calling one of the Berkley Crime team members listed below.