
Business email compromise scams reach $43 billion in losses

Published by Sabrina Pagnotta on May 12, 2022

Business email compromise scams jumped a whopping 65% to a total of $43 billion in losses worldwide in just five years, from 2016 to 2021, according to a recent report by the FBI. During this period, over 140 countries received fraudulent transfers, with Thailand, Hong Kong, and China as the top 3 destinations.

In the US, the total victim count is 116,401, with a $14,762,978,290 total dollar loss. The findings are based on data and complaints from the Internet Crime Complaint Center (IC3), compiled since October 2013. 

While disturbing, the findings are not exactly surprising. As businesses increasingly go digital, virtually all forms of cybercrime have risen in recent months, including ransomware and zero day attacks. The new approaches and the financial impact of business email compromise are putting organizations under added pressure, as cybercriminals find new ways of making their fraudulent requests appear believable.

According to the announcement, this increase can also be attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.

 

What is business email compromise?

Business email compromise (BEC) is a form of social engineering where cybercriminals send an email that appears to come from a known source making a legitimate request. 

What are examples of business email compromise scams? The FBI cites the following:

  • A vendor your organization regularly deals with sends an invoice with an updated mailing address.
  • A CEO asks their assistant to make an urgent payment.
  • A home buyer receives a message from their title company with instructions on how to wire their down payment.

BEC schemes would traditionally target businesses and individuals in finance, payroll, or accounts payable, who often respond to funds-transfer requests. However, they’re now expanding to bigger audiences. 

In addition to transfer-of-funds requests, BEC schemes may involve compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even cryptocurrency wallets.

Why are business email compromise scams a concern for security leaders? 

Similar to phishing, the problem with BEC is that it can often lead to more serious vulnerabilities and malware attacks. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their device, creating a gateway for criminals into the corporate network.

BEC is one of the most financially damaging online crimes, while also easy to conduct. It exploits the increased reliance on email for personal and professional affairs, and the trust that victims have already established with third-party institutions.

This sometimes makes business email compromise hard to detect, as it’s not as evident as clicking on a suspicious link or downloading a malicious file.

Scammers have refined their campaigns with techniques such as fake voice technology, website spoofing, fraudulent social media and employee profiles, in order to make their emails more believable. They often infiltrate a company’s network and create fake receivable accounts to conduct their scams.

According to SC Magazine, IC3 also reported that the percentage of cryptocurrency-based complaints and losses increased significantly in 2021, with cybercriminals opting to request funds in the form of cryptocurrency because these transactions can occur quickly and tend to lack an audit trail. Cybercriminals have stolen cryptocurrency through either a direct transfer to a crypto exchange or an indirect, “second hop” transfer to an exchange, according to the IC3’s findings.

 

How to protect yourself 

  • Participate in cyber awareness training to be prepared to detect malicious campaigns.
  • Don’t click on any links or files in an unsolicited email or text message asking you to update or verify account information; look up the company’s phone number or official website to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence; scammers use small typos or character changes to trick your eye and gain your trust.
  • Make sure all of your devices are equipped with regularly updated antivirus, firewall, email filters, and anti-spyware.
  • Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
  • Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it.
  • Verify payment and purchase requests, or changes in payment procedures, in person or via phone call, to make sure they’re legitimate.
  • Be especially wary if the requester is pressing you to act quickly.