Introducing DAIC: A Suggested System for Preventing BEC Fraud

BEC Fraud (Business E-mail Compromise) has reached epidemic levels in recent years. In 2019, the FBI’s Internet Crime Complaint Center (IC3) reported that it received complaints with adjusted losses of over $1.7 billion from this type of scam. The cases reported to the IC3 are just a drop in the bucket compared to the overall number of incidents online. Considering nothing dramatic has changed in the cybercriminal world, it can be assumed that in 2020 and 2021, the numbers are the same, if not worse.


The scam has a few variants in how it is executed and in its technical sophistication. The majority of the cases involve invoice scams, in which the fraudster masquerades as a vendor, sending the victim’s CFO or accounts payable team a request for payment with updated bank account information. In terms of sophistication, the scam ranges from the use of an actual compromised E-mail account of the vendor, through a similar domain that impersonates the vendor’s, to a simple well-crafted E-mail message. In all variants, the attacker hopes for the victim to fall for the bait and issue a wire transfer.


BEC fraud has become immensely popular because of its high success rate despite the low bar of entry, at least for the less sophisticated variants of the scam. The success rate is so high because CFOs and accounts payable teams don’t have a quick and easy way of validating that the account information they currently have for a vendor is indeed legitimate.


As the anti-fraud industry is beginning to catch up with the threat and BEC fraud detection ..
