
Businesses Lose $215m to BEC Email Scam – So How Do You Protect Yourself?

Federal investigators say that in the last 14 months alone, cyber thieves have stolen nearly $215 million from businesses through the “business email compromise” swindle, known more pithily as BEC.

BEC starts with hacking the accounts of business executives and employees who work with foreign suppliers or who regularly make wire transfer payments.

Wide-scale losses

According to data from the Internet Crime Complaint Center published on the Krebs On Security blog, so far there have been 1198 victims of BEC in the US and 928 victims outside it, racking up a grand total of $214,972,503.30 lost.

The FBI says it has already seen a variety of versions of BEC. Whether the scam is carried out by email or telephone, however, the thieves usually take advantage of a close relationship in the company – for example, that of a CEO to the finance department, or of an employee to a supplier.

The scammers then email or phone an employee with access to company funds, asking them to wire money for an invoice payment into a fraudulent account. The attack is normally well-researched and convincing.

So what can you do to protect yourself? Kevin Epstein, VP of Advanced Security and Governance of Proofpoint, told TechWeekEurope: “For protection, organisations must invest in a cloud-based advanced threat solution. Legacy email gateways won’t detect these threats – the emails contain no malware.”

“Similarly, ‘sandboxes’ will miss these attacks, as there’s no binary to detect. Only modern protection systems, systems that use ‘big data’ analysis to find anomalies between standard email patterns from trusted sources and deviations in those patterns, based on content (a science known as ‘anomalytics’) will be able to find the needle in the haystack that these emails represent.”


Alysia Judge
