
BEC scams targeting a business near you

19 Jul 2016

Symantec have found that more than 400 companies are targeted with business email compromise (BEC) scams every day.

BEC scams are low-tech financial fraud in which hoax emails from CEOs are sent to financial staff to request transfers of large amounts of money.

These scams don’t require a huge breadth of skill, but the financial rewards for the fraudsters can be extremely high.

According to Symantec, an Austrian aerospace manufacturer recently fired its president and CFO after it lost almost US$50 million to BEC fraudsters.

So who’s being hit by these scams? And who are the people behind them? Here are some key findings:

Small and medium-sized businesses are being targeted the most

Almost 40% of identified victims are small to medium-sized businesses. The next largest category of victim is the financial sector, at 14%.

Organisations have lost over US$3 billion to BEC scams

BEC is an evolution of the infamous Nigerian 419 scams 

According to Symantec, the Nigerian 419 scams were one of the first email financial scams. Emails were sent to individuals promising them riches in return for a small donation to help a fictional Nigerian prince. These scammers are now targeting businesses, using less elaborate tricks to get them to transfer the money. 

“Request” is the most common subject line

Symantec also found that BEC scammers like to keep things simple. Generally emails contain a single-word subject line, with one or more of the following words: request, payment, urgent, transfer, enquiry.

To protect yourself from BEC scams, Symantec suggest you:

  • Question any emails requesting actions that seem unusual or don’t follow normal procedures
  • Don’t reply to any emails that seem suspicious. Obtain the sender’s address from the corporate address book and ask them about the message
  • Use two-factor authentication for initiating wire transfers

If you're afraid that you have in fact been a victim of BEC fraud, get in contact with your bank and local law enforcement ASAP.  
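The subject-line finding and the address-book advice above can be combined into a simple mail triage check. This is an added example, not code from Symantec or the original article; the address book, names, domains and sample messages are constructed, and a hit is a reason to verify the request out of band, not proof of fraud.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The five subject-line words reported in the article.
BEC_SUBJECT_WORDS = {"request", "payment", "urgent", "transfer", "enquiry"}

# Constructed corporate address book: executive display name -> address on file.
ADDRESS_BOOK = {"jane doe": "jane.doe@example.com"}


def subject_is_terse_bec(subject):
    """True when the subject consists only of the listed words (Re:/Fwd: ignored)."""
    subject = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject or "", flags=re.I)
    words = re.findall(r"[a-z]+", subject.lower())
    return bool(words) and all(w in BEC_SUBJECT_WORDS for w in words)


def sender_mismatch(from_header):
    """True when the display name is a known executive but the address is not theirs."""
    name, addr = parseaddr(from_header or "")
    known = ADDRESS_BOOK.get(" ".join(name.lower().split()))
    return known is not None and addr.lower() != known


def triage(raw_message):
    """Return the reasons a message should be held for out-of-band verification."""
    msg = message_from_string(raw_message)
    reasons = []
    if subject_is_terse_bec(msg["Subject"]):
        reasons.append("terse-subject")
    if sender_mismatch(msg["From"]):
        reasons.append("display-name-mismatch")
    return reasons


# Constructed sample messages (not real traffic).
SPOOFED = ("From: Jane Doe <jane.doe@example.net>\nTo: ap@example.com\n"
           "Subject: Urgent Request\n\nPlease wire the funds today.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\nTo: ap@example.com\n"
           "Subject: Q3 budget review agenda\n\nSee attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```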
