Categories: CyberCrimeSecurity

Businesses Lose $215m to BEC Email Scam – So How Do You Protect Yourself?

Federal investigators say that in the last 14 months alone, cyber thieves have stolen nearly $215 million from businesses through the “business email compromise” swindle, known more pithily as BEC.

BEC starts by hacking the accounts of business executives and employees that work with foreign suppliers or who regularly make wire transfer payments.

Wide-scale losses

According to data from the Internet Crime Complaint Center published on the Krebs On Security blog, so far there have been 1198 victims of BEC in the US and 928 victims outside it, racking up a grand total of $214,972,503.30 lost.

Already the FBI says it has seen a variety of versions of BEC. Whether the scam is carried out by email or telephone, however, usually the thieves take advantage of a close relationship in the company – for example a CEO to the finance department, or an employee to a supplier.

The scam then sends an email or phone call to an employee with access to company funds asking them to wire money for an invoice payment into a fraudulent account. The attack is normally well-researched and convincing.

So what can you do to protect yourself? Kevin Epstein, VP of Advanced Security and Governance of Proofpoint told TechWeekEurope that “For protection organisations must invest in a cloud-based advanced threat solution. Legacy email gateways won’t detect these threats – the emails contain no malware. ”

“Similarly, ‘sandboxes’ will miss these attacks, as there’s no binary to detect. Only modern protection systems, systems that use ‘big data’ analysis to find anomalies between standard email patterns from trusted sources and deviations in those patterns, based on content (a science known as ‘anomalytics’) will be able to find the needle in the haystack that these emails represent.”

Want to keep up-to-date with all the latest mobile news? Sign up for our free newsletter!

Alysia Judge

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago