The new Internet Crime Complaint Center (IC3) report states that business email compromise (BEC) was the most costly reported cyber crime of 2021. IC3 reports losses of close to 2.4 billion US dollars, significantly higher than the second-place category, investment scams, at 1.4 billion US dollars.
What is Business Email Compromise?
Business email compromise scams involve legitimate business and personal accounts being compromised, typically through social engineering. The goal is usually an unauthorized transfer of funds, often in the form of gift cards or updated payment information. Some instances instead aim to obtain Personally Identifiable Information (PII) or wage and tax statements.
Business email compromise attacks come from legitimate email accounts. These are typically accounts within your business, or accounts made to imitate one from within your business. The sender often pretends to be a high-level employee asking for a favor or for a routine business action.
What you can do
Being aware of these types of phishing attacks is key to minimizing your risk of falling victim. Training yourself and your staff on what BEC attacks look like and how to respond when receiving one will help reduce the attackers' success rate. We know employees like to click on phishing emails, so it is critical to continue to raise awareness.
Below is an example of what a business email compromise may look like. BEC attacks typically put pressure on the recipient and ask them to accomplish a task quickly.
“Hey Security Bytes,
I need you to update our accounts we use for receiving payment from our customers to the new accounts we set up with our bank the other day. Can you do this now as we are expecting a huge purchase in just the next few minutes? Thanks
Regards,
Your Security Bytes Boss”
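As an added illustration (not part of the original post), the traits described above can be turned into a simple mail-triage check: an executive's display name on an outside address, time pressure, and a request to change payment details, buy gift cards, or send PII or tax data. The domain, executive name, phrase lists and message headers below are assumptions made up for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the organisation's mail domain and executive display names.
ORG_DOMAINS = {"securitybytes.example"}
EXECUTIVES = {"your security bytes boss"}

# Phrase lists modelled on the traits the article names: pressure plus a money/data request.
URGENCY = re.compile(r"\b(right away|immediately|urgent(ly)?|asap|do this now|few minutes)\b", re.I)
REQUESTS = {
    "payment-change": re.compile(r"\b(update|change)\b.{0,80}\b(accounts?|payment|bank)\b", re.I | re.S),
    "gift-cards": re.compile(r"\bgift ?cards?\b", re.I),
    "pii-or-tax": re.compile(r"\b(w-?2|tax statements?|wage statements?|social security)\b", re.I),
}

def bec_indicators(raw_message: str) -> list[str]:
    """Return the BEC indicators found in one plain-text email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Collect every text/plain part (a single-part message yields itself).
    body = "".join(p.get_payload() for p in msg.walk()
                   if not p.is_multipart() and p.get_content_type() == "text/plain")
    found = []
    # An executive's display name on an address outside the organisation suggests imitation.
    if name.strip().lower() in EXECUTIVES and domain not in ORG_DOMAINS:
        found.append("exec-name-external-domain")
    if URGENCY.search(body):
        found.append("urgency")
    found += [label for label, rx in REQUESTS.items() if rx.search(body)]
    return found

# Constructed sample: the article's example email with made-up headers.
SAMPLE = """\
From: Your Security Bytes Boss <boss@securitybytes-mail.example>
To: staff@securitybytes.example
Subject: Account update

Hey Security Bytes,
I need you to update our accounts we use for receiving payment from our customers
to the new accounts we set up with our bank the other day. Can you do this now as
we are expecting a huge purchase in just the next few minutes? Thanks
"""

if __name__ == "__main__":
    print(bec_indicators(SAMPLE))
```

A message sent from a genuinely compromised internal account will not trip the sender check, so the content indicators should route it to a human for out-of-band verification rather than be treated as a verdict.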
For more on cybersecurity for your small business, check out Small Business, Big Threat!