Skip to main content
About Us |
Contact Us |
According to the FBI’s Internet Crime Complaint Center (IC3) between October 2013 – May 2016 there were 15,668 domestic and international victims of BEC. The combined exposed dollar amount losses of these crimes totaled $1,053,849,635.
What is BEC?
The victims of the BEC scam range from small businesses to large corporations. Over the years, the victims continue to span a wide variety of goods and services, indicating that a specific sector does not seem to be targeted. It is largely unknown how victims are selected; however, the subjects monitor and study their selected victims using social engineering techniques prior to initiating the BEC scam. The subjects are able to accurately identify the individuals and protocols necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” e-mails requesting additional details regarding the business or individual being targeted (name, travel dates, etc.).
How Does BEC Typically Work?
Based on IC3 complaints and other complaint data, there are five main scenarios by which this scam is perpetrated. BEC victims recently reported a new scenario (Data Theft) involving the receipt of fraudulent e-mails requesting either all Wage or Tax Statement (W-2) forms or a company list of Personally Identifiable Information (PII). This scenario does not always involve the request for a wire transfer; however, the business executive’s e-mail is compromised, either spoofed or hacked, and the victims are targeted in a similar manner as described in Scenario 2 of the BEC scam.
Scenario 1: Business Working With a Foreign Supplier
Scenario 2: Business [Executive] Receiving or Initiating a Request for a Wire Transfer
Scenario 3: Business Contacts Receiving Fraudulent Correspondence through Compromised E-mail
Scenario 4: Business Executive and Attorney Impersonation
Scenario 5 : Data Theft
*For full descriptions of each scenario visit www.ic3.gov/media/2016/160614.aspx
The FBI offers the following representation of a typical BEC timeline:
Image sourced from: www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise
How Can I Protect My Business?
“The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone. Don’t rely on e-mail alone.” Martin Licciardo, special agent, FBI Washington Field Office
What If It’s Too Late?
If you believe your firm has been a victim of BEC, or if you can confirm that funds have been transferred to a fraudulent account, it is important to act quickly.
It’s hard to guard against determined scammers, but knowing how they work can help. You can gain information about protecting your business by reading the Public Service Announcements provided by the FBI.