Business Email Compromise, or BEC, scams involve fraudsters hacking into email accounts, posing as someone else and tricking victims into wiring money to the wrong accounts or buying things they shouldn’t, as the Associated Press reports.
According to FBI data, BEC scams cost almost $2.4 billion last year in the United States, up 33% from 2020 and more than tenfold from seven years ago. Experts say actual losses may be much higher, because many victims don’t come forward.
Fraudsters often carry out BEC scams through targeted phishing emails. They have also been embracing “deep fake” audio, new technology that uses artificial intelligence and can simulate voices. With deep fakes, a phone call that sounds like a corporate executive urging an underling to send money someplace unusual could be coming from a scammer.
Former FBI cyber analyst Crane Hassold said that federal prosecutors sometimes don’t take on BEC cases unless at least several million dollars has been stolen, because the attacks are so widespread. Fortune 500 companies, municipalities and federal agencies are all potential targets.
The FBI recently announced 65 arrests in connection with BEC scams that allegedly bilked more than 500 U.S. victims out of at least $51 million, as ZDNet reports. “Operation Eagle Sweep” was a three-month operation that started in September 2021 and resulted in arrests not only in the U.S. but also in Nigeria, South Africa, Canada, and Cambodia.
Steps for reducing the risk of BEC scams include two-factor authentication, a “trust but verify” approach and annual email security audits, advises cybersecurity firm BlackCloak Partners in a column for Security Boulevard.
One hopeful sign may come from cybersecurity firm Trend Micro’s annual report, which finds that BEC scams actually decreased 11% last year.