FBI warns workers to beware of BEC scams that have stolen $43 billion in five years


Posts: 8,318   +103
Staff member
Why it matters: The FBI is warning individuals and companies of the high costs that come with falling for business email compromise (BEC) attacks. Domestic and international losses are estimated to have reached $43 billion between June 2016 to December 2021, and increased 65% between July 2019 and December 2021.

BEC attacks usually target businesses or individuals that perform legitimate transfer-of-funds requests. They involve compromising the official emails account of high-ranking executives or suppliers through social engineering, phishing, or network intrusion. Once the criminals have access, they message the company's account department requesting a large transfer of funds. As the emails come from official sources, the requests often raise no suspicion.

It's not just fund transfers that the hackers target. Employees are sometimes asked to hand over their personally identifiable details, bank account numbers, wage/tax forms, or cryptocurrency wallets, which are then used for everything from theft to identity fraud.

The FBI warns that BEC scams are growing and evolving, targeting small local businesses to larger corporations and personal transactions. The uptick in incidents over the last few years is being attributed to the pandemic and more people working from home, leading to more companies conducting business remotely. The schemes made $43 billion between 2016 and 2021, and last year saw a record amount of crypto-associated BEC losses: $40 million.

BEC scams have been reported in all 50 states and 170 countries. Most of the stolen funds are transferred to banks in Thailand and Hong Kong, with China, Mexico, and Singapore the next most popular locations.

The FBI advises people to turn on two-factor authentication for their email accounts to protect against BEC attacks. It also says to be wary of signs that an email may be a phishing scam (misspellings in web addresses, etc.), refrain from supplying login credentials or PII of any sort via email, and monitor financial accounts regularly for any irregularities.

Back in 2018, the US Justice Department announced the arrest of 74 people, 42 in the US and 29 in Nigeria, for being involved in BEC schemes. It resulted in the seizure of nearly $2.4 million and the recovery of approximately $14 million in fraudulent wire transfers.

Permalink to story.



Posts: 1,223   +1,488
Only complete dolts fall for their scams in business. One good thing, companies that really care send out test emails to employees to see if they're dumb enough to fall for phishing scams. Even when employees know they're doing this they still manage to have users follow-up on the scam. Too many stupid people in the world and the haxors know it.


Posts: 1,305   +953
When I used to work as a Part Qualified Management contract Accountant in London ( I could do most things - had no interest in being an Accountant - should of done Program Development London in 90s - good easy money- black hole in backroom - no one understood what you did - yes Boss that will take 6 months like you say ( do it super well in 1 month - goof off - hey Boss we busted our *** and did it in 4 months ) ,
I used to go into medium size companies and clean up their messes .
Always amazed somethings those in charge of collecting debts and payments were paid so little .
I would see someone on say 12000 pounds responsible for collecting say 50 Million pounds of invoices over the year . Sloppy work - means late payment , non-payment , non-invoiced, wrongly invoiced, payments to invoices wrongly reconciled so real mess ( WE PAID THAT INVOICE ) - a problem if invoices very similar etc .
As for purchasing people - Purchasing 100s of Millions being pay peanuts - think you can see problem there