Business Email Compromise Doubles in Incidents and Triples in Cost

The latest data from the U.S. government’s Financial Crimes Enforcement Network shows fraud via business email is changing tactics and becoming more effective.

Phishing attacks don’t always need to result in the use of malware. In many cases the goal is to commit fraud through impersonation, bogus invoices, and back account rerouting. According to to the enforcements July 2019 Financial Trend Analysis Report these attacks – grouped into what is commonly known as Business Email Compromise (BEC) or CEO fraud is a growing tactic and a concern for organizations.

The 2019 report compares BEC trends from 2016 to 2018. In it are some startling revelations:DST

  • BEC incidents reported have doubled from 500/month in 2016 to over 1100/month in 2018
  • BEC thefts have nearly tripled from $110M/month in 2016 to $301M/month in 2018
  • Manufacturing & Construction, Real Estate, and Finance are the top 3 industries targeted
  • The top scam type involves a vendor invoice
  • The average transaction amount was $125,439

The perceived unwillingness for employees to question the CEO works in the scammer’s favor, making CEO impersonation a major factor in BEC scams.

Organizations in any industry need to be concerned about these trends.  Having vendors, pays bills, etc., makes any organization a target.

Educating your users with access to payment vehicles should be put through continual Security Awareness Training to help them understand the prevalence and methods of these scams.

Stay Safe out there!