Symantec have found that more than 400 companies are targeted with business email compromise (BEC) scams every day.
BEC scams are low-tech financial fraud in which hoax emails from CEOs are sent to financial staff to request transfers of large amounts of money.
These scams don't require a huge breadth of skill, but the financial rewards for the fraudsters can be extremely high.
According to Symantec, an Austrian aerospace manufacturer recently fired its president and CFO after it lost almost US$50 million to BEC fraudsters.
So who's being hit by these scams? And who are the people behind them? Here are some key findings:
Small and medium-sized businesses are being targeted the most
Almost 40% of identified victims are small to medium-sized businesses. The next largest category of victim is the financial sector, at 14%.
Organisations have lost over US$3 billion to BEC scams
BEC is an evolution of the infamous Nigerian 419 scams
According to Symantec, the Nigerian 419 scams were one of the first email financial scams. Emails were sent to individuals promising them riches in return for a small donation to help a fictional Nigerian prince. These scammers are now targeting businesses, using less elaborate tricks to get them to transfer the money.
"Request" is the most common subject line
Symantec also found that BEC scammers like to keep things simple. Generally emails contain a single-word subject line, with one or more of the following words: request, payment, urgent, transfer, enquiry.
To protect yourself from BEC scams, Symantec suggest you:
- Question any emails requesting actions that seem unusual or aren't following normal procedures
- Don't reply to any emails that seem suspicious. Obtain the sender's address from the corporate address book and ask them about the message
- Use two-factor authentication for initiating wire transfers
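The subject-line pattern and the address-book check described above can be combined into a simple mail triage rule. The following Python is an added example, not code from Symantec or the original article; the address book, domains and sample messages are constructed, and treating a subject made up only of the listed keywords as suspicious is an assumption about how to apply the finding.

```python
from email import message_from_string
from email.utils import parseaddr

# Subject-line words listed in the article.
BEC_KEYWORDS = {"request", "payment", "urgent", "transfer", "enquiry"}
REPLY_PREFIXES = {"re", "fw", "fwd"}
# Constructed corporate address book: display name -> known-good address.
ADDRESS_BOOK = {"jane doe": "jane.doe@example.com"}


def subject_is_bec_style(subject):
    """True when the subject consists only of the listed keywords."""
    words = [w.strip(".,:;!?-").lower() for w in subject.split()]
    words = [w for w in words if w and w not in REPLY_PREFIXES]
    return bool(words) and all(w in BEC_KEYWORDS for w in words)


def triage(raw, address_book=ADDRESS_BOOK):
    """Return the reasons a message should be verified out of band."""
    msg = message_from_string(raw)
    reasons = []
    if subject_is_bec_style(msg.get("Subject", "")):
        reasons.append("keyword-only subject")
    name, from_addr = parseaddr(msg.get("From", ""))
    known = address_book.get(name.strip().lower())
    if known:
        # A reply goes to Reply-To when present, so check both headers
        # against the address held in the corporate address book.
        _, reply_addr = parseaddr(msg.get("Reply-To", ""))
        for label, addr in (("From", from_addr), ("Reply-To", reply_addr)):
            if addr and addr.lower() != known:
                reasons.append(f"{label} address differs from address book")
    return reasons


# Constructed sample messages (reserved example domains).
SPOOFED = ("From: Jane Doe <jane.doe@example.net>\nTo: ap@example.com\n"
           "Subject: Urgent request\n\nAre you at your desk?\n")
REDIRECTED = ("From: Jane Doe <jane.doe@example.com>\n"
              "Reply-To: jane.doe@example.org\nTo: ap@example.com\n"
              "Subject: Payment\n\nSee attached.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nTo: ap@example.com\n"
         "Subject: Q3 budget review notes\n\nNotes attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("redirected", REDIRECTED),
                       ("legit", LEGIT)):
        print(label, triage(raw))
```

A non-empty result means the message should be confirmed with the sender through the address book entry or another known channel, not by replying.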
If you're afraid that you have in fact been a victim of BEC fraud, get in contact with your bank and local law enforcement ASAP.