By Submitted Article on October 31, 2019.
Is that email really from your boss?
Submitted by the Better
Business email compromise scams have >tripled over the last three years >and have cost businesses and other organizations more than $3 billion since 2016. This is according to an in-depth investigative >study >by Better Business Bureau (BBB). >
Business email compromise fraud is an email phishing scam that typically targets people who pay bills in small and large businesses, government and nonprofit organizations. >This serious and growing fraud jumped 50 per cent in the first three months of 2018 compared to the same period in 2017. In 2018, 80 per cent of businesses received at least one of these emails. From 2016 through May 2019, the Internet Crime Complaint Center (IC3) received 58,571 complaints on BEC fraud, with reported losses >to RCMP for the same period, $33.6 million. >BBB’s report finds that the average BEC loss involving wire transfers is $35,000, while the average loss involving gift cards is $1,000 to $2,000. However, the cost to businesses can be much higher: Google and Facebook lost more than $100 million to BEC fraud before the perpetrator was arrested in 2017.
To initiate a BEC scam, fraud gangs need the names of people within an organization, their job function and their email username and password, often obtained with illicit open source tools or free trials or lead generation services. Also, the fraudsters must send emails directly to people, impersonating a trusted superior or partner and seeking money, which they can accomplish with a fake email address or domain name or by hacking a real person’s email account; and that they need a way to obtain money sent by victims, often via money mules.
BBB urges businesses and other organizations to take technical precautions such as >multi-factor >authentication for email logins and other changes in email settings, along with verifying changes in information about customers, employees or vendors. The report also urges culture and training changes in organizations – namely, confirming requests by phone before acting and training all employees in internet security. What to do if your organization has lost money to a BEC fraud:
– If an organization finds that it has been a victim of a BEC fraud, it needs to immediately call its bank to stop the payment and report it to the Canadian Anti-Fraud Centre at 1-888-495-8501.If a report is filed within 48 hours, there is a chance the money can be recovered.
– Complain to the FBI’s >Internet Crime Complaint Center. IC3 also asks people to report unsuccessful BEC attempts as well. Information from attempts may help establish patterns or identify mule bank accounts. >
– Report fraud to >BBB Scam Tracker.