In this COVID-19 era, regardless of the size of your organization, digital communication and transactions are more frequent. Protecting information and its authenticity is crucial to organizations. Even so, less sophisticated cyber attacks like domain spoofing, phishing, and impersonation continue to be used successfully in BEC scams. In 2020, the FBI's Internet Crime Complaint Center (IC3) received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion. 

Cybercriminals continue to pivot and adapt to preventative controls, but a multi-layered defense incorporating cybersecurity tools with employee and customer training will likely curb BEC incidents. Although most cybercriminals are elusive and arrests are rare, law enforcement authorities are making gains. In February, Obinwanne Okeke was sentenced to ten years in prison for cyber fraud using BEC; Okeke scammed $11 million from victims.

Proactive measures to consider include:

  • Signing employees up for identity monitoring services to remain alert of fraudulent activity
  • Using anti-BEC technology
  • Staying current on various BEC attack vectors 
  • Educating and training employees on social engineering attacks
  • Implementing customer service training programs on BEC threats

Report BEC incidents immediately to IC3 at https://www.ic3.gov/Home/ComplaintChoice. Send phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org and ftc.gov/complaint.