The FBI yesterday issued a notification warning companies of the ongoing threat of business email compromise (BEC) scams that caused losses of nearly $76 million between December 2015 and March 2016. The notice outlines common types of BEC scams, steps businesses can take to mitigate their risk, and what to do if they fall victim to this type of cybercrime.
The FBI noted that in most BEC scams, fraudsters target businesses that work with foreign suppliers or regularly transmit payments through wire transfers. Once the victim company is selected and compromised, often through social engineering or computer intrusion techniques, the fraudsters conduct surveillance to understand the company’s processes and protocols and to identify the employees authorized to perform or approve these transactions. The fraudsters then compromise and assume control of the victim’s legitimate email account and, posing as the employee, instruct others to transact on their behalf.