
FBI to Remote Workers: Be Careful of This Easy-to-Miss, Costly Scam

In the cryptocurrency era, remote work has allowed these business-focused scams to flourish.

By Michael Kan
Updated May 4, 2022

Ransomware and data breaches may get all the attention, but the FBI is warning that scammers have been busy exploiting another kind of fraud: business email compromise (BEC) attacks.

The FBI today issued an alert about BEC attacks that estimates $43 billion in exposed losses, meaning both actual and attempted losses, at companies across the globe since 2016.

These schemes often involve a scammer either trying to take over the official email account of a CEO or high-ranking executive or impersonating them (or a trusted supplier) through a spoofed email account. The culprit will then message the company’s accounting staff and request a large transfer of funds—thousands or sometimes millions of dollars. An unsuspecting employee might fall for the trick and mistakenly send the money to the scammer’s bank account.

Although BEC attacks are nothing new, the FBI is warning the scams continue to “grow and evolve,” and can involve targeting major corporations, small businesses, and personal transactions. Lately, BEC scammers are quickly laundering the stolen funds by converting them into cryptocurrency. 

“Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars,” the agency added. “This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.”

[Figure: FBI estimates (Source: FBI)]

The FBI also decided to quantify the impact of BEC scams since 2016 by looking at law enforcement reports and filings from financial institutions. In total, the agency counted 241,206 incidents connected to BEC attacks globally, in which scammers tried to steal an estimated $43.3 billion.

To stay safe, the FBI is urging users to implement two-factor authentication on their email accounts, which forces anyone logging in to supply both the correct password and a one-time passcode usually generated on their smartphone. 

Users should also be on guard against phishing emails that can contain malware capable of taking over your computer. These emails will often pretend to come from legitimate organizations. “Ensure the URL in emails is associated with the business/individual it claims to be from,” the FBI added. “Be alert to hyperlinks that may contain misspellings of the actual domain name.”
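
The link check the FBI describes can be automated in a mail filter or triage script. The following Python is an added example, not part of the FBI alert or the original article; the trusted-domain list, the function names and the two-typo threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation actually does business with.
TRUSTED = {"example.com", "examplebank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED, max_typos: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link's host."""
    # urlsplit separates any user@ prefix from the real host.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Exact match or a true subdomain (label boundary, not a bare suffix).
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return "trusted"
    # Trusted name used as the leading labels of some other domain.
    for dom in sorted(trusted):
        if host.startswith(dom + "."):
            return f"lookalike:{dom}"
    # Near-misspelling of a trusted domain in the registrable part of the host.
    labels = host.split(".")
    for dom in sorted(trusted):
        candidate = ".".join(labels[-(dom.count(".") + 1):])
        if 0 < edit_distance(candidate, dom) <= max_typos:
            return f"lookalike:{dom}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a payment-request email.
    for link in ("https://mail.example.com/invoice",
                 "https://examp1e.com/login",
                 "https://example.com.pay-portal.test/",
                 "https://example.com@evil.test/"):
        print(f"{classify_link(link):24} {link}")
```

A "lookalike" result is a reason to hold the message for review; an "unknown" result only means the host is not on the allow-list, so the request still needs confirmation through another channel.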

If you receive a large money transfer request from a CEO or family member, you should also consider calling them or meeting in person to confirm the request is real.
