The latest data from the U.S. government’s Financial Crimes Enforcement Network (FinCEN) shows fraud via business email is changing tactics and becoming more effective.
Phishing attacks don’t always need to result in the use of malware. In many cases the goal is to commit fraud through impersonation, bogus invoices, and back account rerouting. According to FinCEN’s July 2019 Financial Trend Analysis Report these attacks – grouped into what is commonly known as Business Email Compromise (BEC) or CEO fraud is a growing tactic and, therefore, concern.
The 2019 report compares BEC trends from 2016 to 2018. In it are some startling revelations:
- BEC incidents reported have doubled from 500/month in 2016 to over 1100/month in 2018
- BEC thefts have nearly tripled from $110M/month in 2016 to $301M/month in 2018
- Manufacturing & Construction, Real Estate, and Finance are the top 3 industries targeted
- The top scam type involves a vendor invoice
- The average BEC transaction amount when impersonating a vendor or client invoice was $125,439
CEO impersonation was also a major factor in BEC scams, according to the report. The perceived unwillingness for employees to question the CEO works in the scammer’s favor.
Organizations in any industry vertical need to be concerned about these trends, as every business has vendors, pays bills, etc., making any organization a target. Educating users with access to payment vehicles should be put through continual Security Awareness Training to help them understand the prevalence and methods of these scams.
Additionally, any time a questionable payment request or banking change is made, best practice is to follow up with a direct phone call with the requestor to validate.
Can hackers spoof an email address of your own domain?
Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit CEO fraud (aka business email compromise), penetrating your network is like taking candy from a baby.
Find out now if your domain can be spoofed. Request your free Domain Spoof Test so you can address any mail server configuration issues that are found. It's quick, easy and often a shocking discovery. Find out now if your email server is configured correctly, many are not!
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: