The FBI cites Business Email Compromise (BEC) as the internet crime that cost Americans the most in 2020—over $1.8 billion! What can you do to keep from being part of that statistic?

What is BEC?

Business email compromise (BEC) is a scam where a criminal targets a business or organization via email. They intend to defraud the organization of either money or data. The FBI has divided BEC scams into 5 kinds:

• CEO Fraud: Attackers impersonate someone of high rank within the organization, then request funds to be transferred to an account they control.
• Account Compromise: The email account of an internal staff member or volunteer is compromised and used to request payment to third parties, which really end up in accounts the attackers control.
• False Invoice Scheme: An invoice is sent in the name of a supplier via hacked or faked email accounts. Payment is made to an account the attackers control.
• Attorney Impersonation: Attackers impersonate legal representatives. They request either payment or information, relying on the trust often afforded legal counsel.
• Data Theft: Attackers target HR or other departments to gain information. The information is then used either as leverage or fuel for a later attack.

What can I do?

Preventing a problem is almost always better than trying to fix one. With that in mind, you can do the following to help reduce your risk:

1. Confirm any out of the ordinary requests via phone call or in person. (Remember to look the number up from a source other than the suspicious email!)
2. Confirm any change in account number or payment procedures before changing payment details.
3. Take your time. BEC operators often attack during the busy times of day so you make rushed decisions. Keep an eye out for common phishing signs.
4. Manage your privacy controls on social media and professional networking sites. This makes it harder for an attacker who does not know you to gain your trust by referring to information you think is private.
5. Enable multifactor authentication whenever it is available.

If you believe you have fallen victim to BEC, quickly do the following:

1. Alert your bank/credit card company. Perhaps they can put a stop on a payment. If nothing else, they can look into where the funds were sent and make record for evidence.
2. Report the crime to your local FBI field office.
3. File a complaint to the FBI’s Internet Crime Complaint Center.

How can Frontline help?

Frontline offers advanced email security to managed services clients. Email security options include email filtering, account activity alerts, security controls, reporting tools, and phishing simulation training.