The FBI's statistics on BEC (Business Email Compromise) attacks are alarming, to say the least. Over the last twelve months, the law enforcement agency has witnessed a 100 percent increase in the identified global exposed business losses attributed to BEC. Between June 2016 and July 2019, a total of 166,349 BEC incidents were reported to the FBI, with total losses in excess of twenty-six billion dollars.
Worse, the cybercriminals engaging in these types of attacks don't limit themselves to Fortune 500 companies. They're just as likely to target small to medium-sized businesses as they are to target major international firms.
Typically, a BEC attack works something like this:
A fraudster will pose as either a high-ranking company official or a trusted business partner and begin email communication with a mid-level employee, requesting that the employee transfer funds to an account belonging to a longstanding business partner.
Thinking that they're doing the bidding of their CEO or a trusted business partner, the employee makes the transfer without a second thought. Typically, by the time the fraud is discovered, the money is long gone and virtually impossible to recover. BEC attacks can take other forms, too, however.
In fact, according to the FBI's Internet Crime Complaint Center:
"One variation involves compromising legitimate business email accounts and requesting employees' Personally Identifiable Information or Wage and Tax Statement (W-2) forms. Payroll diversion schemes that include an intrusion event [were] reported to the IC3 for several years. However, these schemes [were] directly connected to BEC actors through IC3 complaints."
The bottom line is that this type of attack is getting worse and becoming increasingly common. Be sure your employees are aware of the threat and mindful of who they're releasing funds to.