These are alarming, to say the least. Over the last twelve months, the law enforcement agency has witnessed a 100 percent increase in the identified global exposed business losses attributable to BEC. Between June 2016 and July 2019, there were a total of 166,349 BEC incidents reported to the FBI, which led to total losses in excess of twenty-six billion dollars.
Worse, the cybercriminals engaging in these types of attacks don't limit themselves to Fortune 500 companies. They're just as likely to target small to medium-sized businesses (SMBs) as they are to target major international firms.
Typically, a BEC attack works something like this:
A fraudster will pose as either a high-ranking company official or a trusted business partner and begin email communication with a mid-level employee at your firm. Over the course of that conversation, a request will be made to the employee to transfer funds to what the employee believes to be an account belonging to a longstanding business partner.
Thinking that they're doing the bidding of their CEO or of a trusted business partner, employees often make these transfers without a second thought. Of course, by the time it is discovered that the person the employee was communicating with was a fraud, the money is long gone and virtually impossible to recover. A BEC attack can take other forms too, however.
In fact, according to the FBI's Internet Crime Complaint Center:
"One variation involves compromising legitimate business email accounts and requesting employees' Personally Identifiable Information or Wage and Tax Statement (W-2) forms. Payroll diversion schemes that include an intrusion event have been reported to the IC3 for several years. Only recently, however, have these schemes been directly connected to BEC actors through IC3 complaints."
The bottom line is that this type of attack is getting worse and becoming increasingly common. Be sure your employees are aware and mindful of who they're releasing funds to. You might want to invest in Security Awareness Training.
As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"
Meanwhile, check out this report:
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.