In this COVID-19 era, regardless of the size of your organization, digital communication and transactions are more frequent. Protecting information and its authenticity is crucial to organizations. Even so, less sophisticated cyber attacks like domain spoofing, phishing, and impersonation continue to be used successfully in BEC scams. In 2020, the FBI's Internet Crime Complaint Center (IC3) received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion.
Cybercriminals continue to pivot and adapt to preventative controls, but a multi-layered defense incorporating cybersecurity tools with employee and customer training will likely curb BEC incidents. Although most cybercriminals are elusive and arrests are rare, law enforcement authorities are making gains. In February, Obinwanne Okeke was sentenced to ten years in prison for cyber fraud using BEC; Okeke scammed $11 million from victims.
Proactive measures to consider include:
- Signing employees up for identity monitoring services to remain alert of fraudulent activity
- Using anti-BEC technology
- Staying current on various BEC attack vectors
- Educating and training employees on social engineering attacks
- Implementing customer service training programs on BEC threats
The fraudulent email, titled "Your Credit Card Statement Is Ready," appeared to have been sent by "Jp Morgan Chase." Its content was fashioned to resemble genuine communications from the American national bank.