News Security

Billion dollar BEC Fraud Deciphered: What you need to know

More than 400 companies are targeted with BEC scams every day, find out more and learn how to stay protected

Business email compromise (BEC), or CEO fraud, continues to be the bane of companies in 2016. BEC scams are low-tech financial fraud in which spoofed emails from CEOs are sent to financial staff to request large money transfers. While they require little expertise and skill, the financial rewards for the fraudsters can be high. An Austrian aerospace manufacturer recently fired its president and CFO after it lost almost US$50 million to BEC fraudsters.

In light of recent warnings from the FBI regarding BEC, we took an in-depth look at Symantec’s Email Security Cloud data to get a better understanding of the state of BEC fraud today.

So who’s being hit by these scams? And who are the people behind them? Here’s what we know:

BEC scammers are pretty indiscriminate in the organizations they target. Almost 40 percent of identified victims are small to medium sized businesses. The next largest category of victim is the financial sector, at 14 percent.
Email data from Symantec shows how hundreds of organizations are receiving BEC scam emails every day. Within these organizations, at least two individuals will be targeted with a BEC email. These individuals will most likely be senior financial staff.

Data from the FBI illustrates how lucrative BEC is. At least $3 billion have been lost to BEC scams in the past three years, with over 22,000 victims globally. Nigerian 419 scams were one of the first email financial scams. Individuals were sent emails promising them riches in return for a small donation to help a fictional Nigerian prince. These scammers have now moved onto targeting businesses and are using less elaborate ruses to trick them into transferring money.

We examined a number of email addresses used by the scammers and found that 46 percent have Nigerian IP addresses. The rest are operating from the United States, the United Kingdom, South Africa, Malaysia, and Russia.

One group of scammers is responsible for approximately 12 percent of BEC emails we’ve observed. Over the past two months, this group has obtained access to at least 68 legitimate email accounts, targeted over 2,700 organizations, and used 147 email accounts to correspond with victims. The majority of this group’s activity originates from Nigeria, though some of their emails come from the UK and US too.

It should come as no surprise that the majority of BEC emails are sent on weekdays. The scammers know that this is when most businesses would expect emails. And more importantly, most financial transactions can only be cleared during weekdays. BEC scammers are also most active during a typical working day. They will generally begin sending emails from 0700 GMT, take a break from 1100 until 1400 GMT and then resume sending until 1800 GMT.

BEC scammers keep things simple with most emails containing a single-word subject line. Subjects always contain one or more of the following words: request, payment, urgent, transfer, and enquiry. Simple, innocuous subject lines are less likely to arouse suspicion and are also harder to filter.

According to the findings, user education is the most effective means of protecting companies against BEC scams. Question any emails requesting actions that seem unusual or aren’t following normal procedures. Users shouldn’t reply to any emails that seem suspicious. Obtain the sender’s address from the corporate address book and ask them about the message. If you believe you have been a victim of BEC fraud, notify your financial institution and local law enforcement as soon as possible.

Related posts

eScan Cyber Security Software Solutions Announces Strategic Partnership with TD SYNNEX to Enhance Cybersecurity Distribution

enterpriseitworld

Publicis Sapient to Create a BU for Google Cloud AI

enterpriseitworld

Skylark Opens OT Cybersecurity COE with Fortinet

enterpriseitworld
x