
BEC scams targeting a business near you

Symantec have found that more than 400 companies are targeted with business email compromise (BEC) scams every day.

BEC scams are low-tech financial fraud in which hoax emails from CEOs are sent to financial staff to request transfers of large amounts of money.

These scams don’t require a huge breadth of skill, but the financial rewards for the fraudsters can be extremely high.

According to Symantec, an Austrian aerospace manufacturer recently fired its president and CFO after it lost almost US$50 million to BEC fraudsters.

So who’s being hit by these scams? And who are the people behind them? Here are some key findings:

Small and medium-sized businesses are being targeted the most

Almost 40% of identified victims are small to medium-sized businesses. The next largest category of victim is the financial sector, at 14%.

Organisations have lost over US$3 billion to BEC scams

BEC is an evolution of the infamous Nigerian 419 scams 

According to Symantec, the Nigerian 419 scams were one of the first email financial scams. Emails were sent to individuals promising them riches in return for a small donation to help a fictional Nigerian prince. These scammers are now targeting businesses, using less elaborate tricks to get them to transfer the money. 

“Request” is the most common subject line

Symantec also found that BEC scammers like to keep things simple. Generally emails contain a single-word subject line, with one or more of the following words: request, payment, urgent, transfer, enquiry.

To protect yourself from BEC scams Symantec suggest you:

  • Question any emails requesting actions that seem unusual or aren’t following normal procedures
  • Don’t reply to any emails that seem suspicious. Instead, obtain the sender’s address from the corporate address book and ask them about the message
  • Use two-factor authentication for initiating wire transfers

If you're afraid that you have in fact been a victim of BEC fraud, get in contact with your bank and local law enforcement ASAP.  
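The subject-line pattern and the address-book check described above can be combined into a simple mail triage rule. The following is an added example, not code from Symantec or from the original article; the address book, names, domains and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Subject words the article lists as typical of BEC emails.
BEC_SUBJECT_WORDS = {"request", "payment", "urgent", "transfer", "enquiry"}

# Constructed corporate address book (assumption): display name -> real address.
ADDRESS_BOOK = {"jane doe": "jane.doe@example.com"}


def bec_signals(raw_message, address_book=ADDRESS_BOOK):
    """Return the BEC warning signals found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    signals = []

    # Signal 1: the subject consists only of listed words ("Request", "Urgent payment").
    subject = str(msg.get("Subject", ""))
    words = [w.strip(".,!:;-").lower() for w in subject.split()]
    words = [w for w in words if w]
    if words and all(w in BEC_SUBJECT_WORDS for w in words):
        signals.append("terse-subject")

    # Signal 2: the display name is a known colleague, but the address
    # differs from the one held in the corporate address book.
    name, addr = parseaddr(str(msg.get("From", "")))
    known = address_book.get(name.strip().lower())
    if known is not None and addr.lower() != known.lower():
        signals.append("display-name-mismatch")
    return signals


# Constructed sample messages; example.com and .test are reserved names.
SAMPLES = {
    "spoofed": ("From: Jane Doe <jane.doe@mail-example.test>\n"
                "To: accounts@example.com\nSubject: Request\n\n"
                "Are you at your desk? I need a transfer made today.\n"),
    "terse-internal": ("From: Jane Doe <jane.doe@example.com>\n"
                       "To: accounts@example.com\nSubject: Urgent payment\n\n"
                       "Invoice attached.\n"),
    "genuine": ("From: Jane Doe <jane.doe@example.com>\n"
                "To: accounts@example.com\nSubject: Q3 budget review agenda\n\n"
                "Agenda attached.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, bec_signals(raw))
```

A message that raises either signal is a candidate for the out-of-band confirmation the list above recommends, not proof of fraud.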
