Business Email Compromise (BEC) is defined by the FBI’s IC3 as “a sophisticated scam targeting businesses that perform electronic payments such as wire or ACH transfers.” In addition to diverting funds, BEC perpetrators may also target Personally Identifiable Information (PII) or W-2s, which can either be further exploited, resold, or both. This type of fraud can range from quick, one-time hits to sophisticated infiltration schemes that unfold over months or even years. And as the numbers below reveal, it is an extremely lucrative criminal pursuit.
Losses from Business Email Compromise schemes have grown every year since the FBI began tracking them in 20133. In 2019, this type of fraudster siphoned money from its corporate victims at the rate of nearly $203,000 per hour. Last year, the FBI named BEC the top financial threat (by reported losses) to American business organizations5. However, Financial institutions (FIs) have often taken a different, less urgent view.
The FBI has outlined five scenarios that are typically used to execute BEC scams.
Payment change request: “Bogus Invoice” or “Supplier Swindle
Executive wire transfers: “CEO Fraud” or “Masquerading”
Contact compromise: to spoof a legitimate communication from existing supplier
Executive or attorney Impersonation: to provide false urgency to a fraudulent transaction
Data theft: request W-2s or PII data via compromised email from employee
Download the white paper to learn three steps that you can take to safeguard your institution.
