This is serious: FBI officials are warning potential victims of a dramatic rise in the business email compromise scam or “BEC,” a scheme that targets businesses and has resulted in massive financial losses across the country.
According to the feds, the hackers go to great lengths to spoof company email or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor.
They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that correspond to amounts the company is accustomed to paying.
There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.
Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries. Since January 2015, the FBI has seen a 270% increase in identified victims and exposed loss.
From October 2013 through February 2016, law enforcement received reports from 17,642 victims, the FBI said. All told, these cases amounted to more than $2.3 billion in losses.
If your company has been victimized by a BEC scam, the FBI says you should:
- Contact your financial institution immediately
- Request that they contact the financial institution where the fraudulent transfer was sent, and
- File a complaint—regardless of dollar loss—with the Internet Crime Complaint Center (IC3).
Tips for businesses
Some suggestions for protecting yourself from these potentially crippling attacks:
- Be wary of email-only wire transfer requests and requests involving urgency
- Pick up the phone and verify legitimate business partners.
- Be cautious of mimicked email addresses, and
- Institute multi-level authentication.
For further information, visit FBI stats & tips on business e-mail scams.