One of the most common forms of social engineering fraud is phishing, which often leads to Business Email Compromise (BEC) and is also considered the top contributor to financial fraud. With over 90 percent of attacks coming via email, phishing remains the most prevalent of all cybercrimes.
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. It is frequently carried out through social engineering or computer intrusion in order to conduct unauthorized transfers of funds.
BEC is not just the most prevalent but also one of the costliest types of attack for organizations. In 2020, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) noted over 20,000 BEC/EAC complaints with adjusted losses of over $1.8 billion, so it’s important that every organization has a plan to prevent these threats from reaching users.
Here are some of the protections IC3 recommends:
- Use secondary channels or two-factor authentication to verify requests for changes in account information.
- Ensure the URL in emails is associated with the business/individual it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
- Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
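
The URL, misspelled-domain and sender-address checks in the list above can be automated at the mail gateway or in a triage script. The following is an added example, not code from IC3 or from this page: the trusted domain, the sample message and all function names are constructed for illustration, and it assumes a single-part HTML message with links extracted by a simple regex.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = ("northwind-supply.example",)  # assumption: domains you really deal with
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_dist=2):
    """Return the trusted domain that `domain` imitates, or None if it is fine."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the trusted domain itself or one of its subdomains
    # Near-misspelling, or the trusted name embedded in someone else's domain.
    return next((t for t in TRUSTED
                 if edit_distance(domain, t) <= max_dist or t in domain), None)

def check_message(raw):
    """Return (finding, observed, expected) tuples for one raw RFC 5322 message."""
    msg, findings = message_from_string(raw), []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if hit := lookalike_of(sender_domain):
        findings.append(("sender-lookalike", sender_domain, hit))
    for href, text in LINK_RE.findall(msg.get_payload()):
        host = (urlparse(href).hostname or "").lower()
        if hit := lookalike_of(host):
            findings.append(("link-lookalike", host, hit))
        shown = DOMAIN_RE.search(text)
        if shown and shown.group(1).lower() != host:
            findings.append(("link-text-mismatch", shown.group(1).lower(), host))
    return findings

# Constructed sample message (not real traffic).
SAMPLE = """\
From: "Northwind Accounts" <billing@northwind-suppy.example>
Content-Type: text/html

<p>Confirm the new account at <a href="https://portal.northwind-supply.example.pay-update.example/login">portal.northwind-supply.example</a></p>
"""
```

Running `check_message(SAMPLE)` reports the misspelled sender domain, the link whose host only embeds the trusted name, and the mismatch between the link text and its real destination.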
Read the full report at: Internet Crime Complaint Center (IC3) | Business Email Compromise: The $43 Billion Scam