What is BEC?
BEC, or Business Email Compromise, is a form of phishing scam. A fraudster impersonates a trusted person, professional or personal, such as a colleague, executive, or vendor, to deceive a target into transferring money or information.
A notable high-profile BEC scam occurred between 2013 and 2015 against tech giants Facebook and Google. Evaldas Rimasauskas and others created a fake company named “Quanta Computer,” which is the same name as a real hardware supplier. The fake company submitted convincing-looking invoices, which the tech companies paid. By the time the scheme was discovered, the collective loss was $121 million. In 2022, it was estimated that $2.7 billion was lost to BEC scams.
How is the scam carried out?
The fraudster's first objective is to identify a target. Although many industries can fall victim to BEC, construction and real estate organizations are frequently targeted because of how transactions are conducted in those industries.
The next step is to groom the target. Using spoofed email accounts or websites, fraudsters use persuasion and pressure to manipulate and exploit employees. Although anyone can be a victim, they frequently target employees in the financial department. Fraudsters use time to their advantage to gain trust: the grooming process can take anywhere from a few days to a few weeks.
Once the target believes the interaction comes from a trustworthy source, an exchange of information is initiated. Using spear phishing emails, which are attacks targeted at specific individuals, the fraudster tricks the victim into revealing confidential information or wiring funds. Confidential information lets criminals access company accounts, calendars and data that provide the details needed to carry the BEC scheme further. The criminals may keep up the ruse for an extended period of time in hopes of acquiring more transferred funds or information.
How To Protect Yourself?
Navigating interactions can be tricky. While you want to conduct business as usual, criminals prey on human nature to carry out their schemes. Follow these steps to best protect yourself from falling victim to a BEC scheme:
- Be aware and careful of what information you share online. Information such as pet names, schools attended, family members, and birthdays can help scammers guess passwords or answer security questions.
- Examine emails, URLs and text messages thoroughly. Don’t click on unsolicited messages asking you to update or verify account information. Verify the company’s information through your own research rather than relying on what the person on the other end tells you. Also, check the spelling and logos in emails and web addresses. Scammers use slight differences to trick you and gain your trust.
- Be wary of email attachments! Never open an attachment from someone you don’t know and be wary if it’s forwarded to you. Know what you are downloading to your computer and if you are unsure, wait.
- Set up two-factor authentication on any account that allows it.
- Verify information either in person or through a phone number you know is legitimate.
- If someone is pressuring you to act quickly, be wary. When it comes to vendor interactions, treat it as a red flag if someone pressures you or says something needs to be done immediately.
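Several of the checks above can be automated on incoming mail. The following is an added example, not part of the original article: it flags a sender domain that differs only slightly from a known vendor's, a Reply-To that points somewhere else, and pressure wording. The vendor domains, the term list, and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: vendor domains you already do business with.
TRUSTED_DOMAINS = ("acme-builders.example", "northfield-supply.example")
URGENCY_TERMS = ("urgent", "immediately", "right away", "asap")

# Constructed sample: "northfie1d" uses the digit 1 in place of the letter l.
SAMPLE = """\
From: Accounts <billing@northfie1d-supply.example>
Reply-To: billing@payments-desk.example
Subject: Updated bank details for invoice 1042

Please wire the payment to the new account immediately.
"""

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from a From/Reply-To header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def bec_red_flags(raw_message: str) -> list[str]:
    msg = message_from_string(raw_message)
    flags = []
    sender = domain_of(msg.get("From", ""))
    reply_to = domain_of(msg.get("Reply-To", ""))
    # A domain one or two characters away from a trusted one is a lookalike.
    if sender not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(sender, trusted) <= 2:
                flags.append(f"lookalike-domain:{sender}~{trusted}")
    # Replies silently routed to a different domain than the sender's.
    if reply_to and reply_to != sender:
        flags.append(f"reply-to-mismatch:{reply_to}")
    # Pressure to act quickly, checked in the subject and a plain-text body.
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(term in text for term in URGENCY_TERMS):
        flags.append("urgency-language")
    return flags
```

A flagged message is a prompt to verify through a phone number you already know is legitimate, not proof of fraud on its own.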
If you have fallen victim to a BEC scheme, please visit the FBI’s website for information on how to report it.