BEC Scams: Head to Toe
February 3, 2019
It was not long ago that email took root in our daily lives as one of the best ways to communicate with people living far away. Time goes by fast.
Invented by Ray Tomlinson in the early 1960s, it was a magnificent invention. How beautiful it would be if the story ended here, right? But it doesn’t.
What happened with emails?
Well, I don’t have very good news for you today.
Little did Ray know that email, with its store-and-forward system, would end up being used for a whole other purpose than more effective communication between people living far away from each other.
Business Email Compromise, or the BEC scam, is definitely not what email was intended to be used for, yet that doesn’t help the thousands of Americans and Australians losing millions of dollars, with the losses on the rise every year.
What is a BEC Scam
A Business Email Compromise scam is another type of “I want a lot of money without a single effort” scheme, which scammers have recently been using to deceive thousands of Americans, Brits and Australians.
It is called a BEC when a hacker gains access to an individual’s or company’s email account and then uses it to tell those who make payments that the payments should instead be made to a different email. Guess whose email the payment will be redirected to.
It poses a danger to small and big companies alike, underlined by the fact that it has resulted in million-dollar losses in countries like the US and Australia, the most endangered of all.
Their biggest gun is the genuine appearance. The email looks as if it was sent from the company’s official address, which leaves no shadow of doubt in the eyes of the receiver and makes it tempting to follow the instructions.
To make clear what this scam means: the losses from February 2016 until now in the United States alone exceed $2.3 Billion. Devastating.
BEC Scams Examples
Some of the most infamous BEC cases of the past involve scammers taking over the CEO’s email, and all of a sudden the whole company is endangered. How did that happen?
In one of the many cases in the United States in 2016, the fraudsters took their time getting to know their target, collecting every piece of information about him, including his name, his company, the position he holds in it and his contact information.
Once they had completed their puzzle, they took over his email address and sent all of the CEO’s employees an urgent email requesting a specific amount of money from each of them.
Since this came from a trusted and authoritative person, most of them did not hesitate to respond positively to the request, resulting in vast losses across the company’s members. This is only one of many cases, and the last one doesn’t seem to be on the horizon.
Those most affected by a BEC
There is no particular target for a BEC, as anyone can be next in line, with company sizes ranging from large to small and anything in between.
However, what distances large companies from this type of fraud is the strong IT security they invest in, which makes them a tough target for hackers.
The Key to a BEC Scam
For a BEC to take place, one thing has to be there, and it is common to over 95% of victims to date: the target’s business has to work with foreign suppliers or has to use wire transfers when making payments.
A perfect soil for a BEC to be planted.
How to recognize a BEC Scam
Just as one person can hardly change the world, the same can be said of fighting any type of scam: you can hardly stop it from happening on your own, but you can save yourself and those around you. First, let’s see how you can recognize that you are dealing with one:
- Urgency – One of the best weapons in almost every type of scam is the urgency the scammers pretend the situation has, and BEC is no exception. Another form of urgency is the claim that the CEO or CFO is busy at the moment and cannot give any further explanation, or a promise to get back in touch after a while. This leaves the victim alone with an ultimately frustrating “Yes” or “No” choice.
- Regular amount requested – When asking for money by wire transfer from the victim’s contacts and connections, which they find through close research, they do so gently. They do not request amounts far higher than they know those people can afford on their income, so as not to raise suspicion and to look as normal as possible.
- Email imitation – A close imitation of the target’s official email account, in order to pass as the real person.
- Sent from the iPad – Frequently used in BEC, this way of contacting targets is a triple-edged blade:
  * English grammar and spelling mistakes can be covered
  * A legitimate email signature is not required
  * It has the pinch of urgency scammers want you to believe.
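The indicators listed above can be checked mechanically on incoming mail. The following Python code is an added example, not part of the original article: it flags urgency wording, a payment request, a lookalike sender domain and a mobile signature in a single message. The trusted domain `example.com`, the keyword lists, the distance threshold and the sample email are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the organisation's real domain and illustrative keyword lists.
TRUSTED_DOMAIN = "example.com"
URGENCY = re.compile(r"\b(urgent|urgently|immediately|right now|asap|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|bank transfer|payment|invoice)\b", re.I)
MOBILE_SIG = re.compile(r"sent from my (ipad|iphone)", re.I)

# Constructed sample message; note the digit "1" in the sender domain.
SAMPLE = """\
From: "Jane Doe, CEO" <jane.doe@examp1e.com>
To: accounts@example.com
Subject: Urgent payment

I am in meetings all day and cannot talk. Please make a wire transfer of
4,800 USD to the new supplier account today.

Sent from my iPad
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(raw_email, trusted_domain=TRUSTED_DOMAIN):
    """Return the indicators from the list above that this message shows."""
    msg = message_from_string(raw_email)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = []
    if URGENCY.search(text):
        hits.append("urgency")
    if PAYMENT.search(text):
        hits.append("payment_request")
    # Threshold of 2 edits is an assumption; an exact match is the real domain.
    if from_domain != trusted_domain and edit_distance(from_domain, trusted_domain) <= 2:
        hits.append("lookalike_domain")
    if MOBILE_SIG.search(text):
        hits.append("mobile_signature")
    return hits
```

A message that trips several indicators at once is a candidate for the phone-call confirmation described in the next section, not proof of fraud on its own.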
How to Avoid a BEC Scam
Being aware that the scam exists and paying extra attention to any suspicious activity means you are already two steps in the right direction. Some of the most recommended ways to avoid falling for a BEC scam are listed below:
- “Know your enemy” – educate your employees on how this type of fraud works and how they can avoid falling for it.
- Keep calm – don’t fall for any “you need to take action right now or it will be too late” type of suggestion in an email. The truth is that it is super rare for a company to ask for a fund transfer or something of the kind urgently, without a previous warning or request.
- Double confirmation – use two-factor confirmation of funds for more secure wire transfers.
- Phone call – For any suspicious amount or method of transfer requested, make a phone call as a safer way of confirming that the real person requested the funds.
A BEC remains one of the most common schemes used by scammers online and is on the rise every year. Anyone can be a victim, and you are not exempt.
I hope you have not opened this article, or reached the end of it, as a victim looking for the reason you fell for it, and I wish that you never become one. This article can be a great help at hand.
For any question, feel free to contact me at firstname.lastname@example.org or simply by leaving a comment below.