Skip to main content

Companies Are Losing Billions To Business Email Compromises

By September 26, 2019May 16th, 2022Cybersecurity

The FBI’s statistics on BEC (Business Email Compromise) are alarming to say the least.  Over the last twelve months, the law enforcement agency has witnessed a 100 percent increase in the identified global exposed business losses attributable to BEC. Between June 2016 and July 2019, there were a total of 166,349 BEC incidents reported to the FBI, which led to total losses in excess of twenty-six billion dollars.

Worse, the cyber criminals engaging in these types of attacks don’t limit themselves to Fortune 500 companies.  They’re just as likely to target small to medium sized businesses as they are to target major international firms.

Typically, a BEC attack works something like this:

A fraudster will pose as either a high-ranking company official or a trusted business partner and begin email communication with a mid-level employee at your firm.  Over the course of that conversation, a request will be made to the employee to transfer funds to what the employee believes to be an account belonging to a longstanding business partner.

Thinking that they’re doing the bidding of their CEO or of a trusted business partner, these transfers are often made without a second thought. Of course, by the time it is discovered that the person the employee was communicating with was a fraud, the money is long gone and virtually impossible to recover. A BEC attack can take other forms too, however.

In fact, according to the FBI’s Internet Crime Complaint Center:

“One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information or Wage and Tax Statement (W-2) forms. Payroll diversion schemes that include an intrusion event have been reported to the IC3 for several years.  Only recently, however, have these schemes been directly connected to BEC actors through IC3 complaints.”

The bottom line is that this type of issue is getting worse and increasingly common.  Be sure your employees are aware and mindful of who they’re releasing funds to.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.