Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Business Email Compromise Doubles in Incidents and Triples in Cost

    Depositphotos_146680381_s-2019The latest data from the U.S. government’s Financial Crimes Enforcement Network (FinCEN) shows fraud via business email is changing tactics and becoming more effective.

    Phishing attacks don’t always need to result in the use of malware. In many cases the goal is to commit fraud through impersonation, bogus invoices, and back account rerouting. According to FinCEN’s July 2019 Financial Trend Analysis Report these attacks – grouped into what is commonly known as Business Email Compromise (BEC) or CEO fraud is a growing tactic and, therefore, concern.

    The 2019 report compares BEC trends from 2016 to 2018. In it are some startling revelations:

    • BEC incidents reported have doubled from 500/month in 2016 to over 1100/month in 2018
    • BEC thefts have nearly tripled from $110M/month in 2016 to $301M/month in 2018
    • Manufacturing & Construction, Real Estate, and Finance are the top 3 industries targeted
    • The top scam type involves a vendor invoice
    • The average BEC transaction amount when impersonating a vendor or client invoice was $125,439

    CEO impersonation was also a major factor in BEC scams, according to the report. The perceived unwillingness for employees to question the CEO works in the scammer’s favor.

    Organizations in any industry vertical need to be concerned about these trends, as every business has vendors, pays bills, etc., making any organization a target. Educating users with access to payment vehicles should be put through continual Security Awareness Training to help them understand the prevalence and methods of these scams.

    Additionally, any time a questionable payment request or banking change is made, best practice is to follow up with a direct phone call with the requestor to validate.

    Can hackers spoof an email address of your own domain? 


    DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit CEO fraud (aka business email compromise), penetrating your network is like taking candy from a baby. 

    Find out now if your domain can be spoofed. Request your free Domain Spoof Test so you can address any mail server configuration issues that are found.  It's quick, easy and often a shocking discovery. Find out now if your email server is configured correctly, many are not!

    Try To Spoof Me!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:
    https://www.knowbe4.com/domain-spoof-test/     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews