- Business Email Compromise is not new, but it is on the rise
- Remote work is a contributor to its rapid spread
- Malware is also a threat, and gains entrance via email
BEC, or business email compromise, is a species of scam that has been around for as long as businesses have used email. However, the sharp spike in remote working arrangements (including permanent changes to remote work) spurred by the COVID-19 pandemic has made it a much more tempting (and fruitful) target for scamsters. Attackers are taking advantage of the new need for off-site communications from employee home networks to their employers’ corporate networks.
via Digital Insights
There are five basic kinds of BEC Schemes:
- Bogus Invoice Scheme
- CEO Fraud
- Account Compromise
- Attorney Impersonation
- Data Theft
"BEC claims are one of the primary cyber insurance claims in 2020 and are consistently on the rise. The FBI has issued warnings about the rise of BEC exploits, which were responsible for over $1.77 billion in losses in 2019.
According to cybersecurity firm Proofpoint Inc., COVID-19-related “phishing” attacks have been increasing daily since January. These phishing emails contain content such as advice to employers on combatting COVID-19 in the workplace, false invoices for purchases of medical and cleaning equipment, and fake alerts from health or government organizations related to COVID-19, and often appear to be from legitimate organizations. When these emails are opened, malware is released, which allows the attacker to access and potentially compromise an employer’s network security. These compromised email accounts then serve as an attack route to the employer’s larger computer network."
But, while BEC scams were responsible for over $1.77 billion in losses in 2019, BEC scams skyrocketed 3,000% from mid-March through early June of 2020, according to mid-year analysis from the Agari Cyber-Intelligence Division (ACID).
Electronic payments usage is up, but with it comes privacy issues and the heightened BEC threat for businesses. In the face of such overwhelming fraud growth, many businesses are throttling back their acceptance of electronic payments, and in some cases insisting upon check payments. While the onus is on businesses to stay vigilant for fraud attempts, banks need to continual to modernize their platforms with technologies AI and deep learning to increase their ability to detect fraudulent checks to ensure their customers stay ahead of the fraud wave!