Mumbai: A recent Symantec study has revealed that over 400 companies face the threat of business email compromise (BEC) scams, also known as CEO fraud, on a regular basis.
According to the report, BEC scams are low-tech financial scams in which scammers posing as company CEOs send spoofed emails to financial staff, requesting large money transfers.
While this scam requires little expertise, the rewards for the fraudsters are rather high. For instance, an Austrian aerospace equipment manufacturing company recently fired its CEO after a spoofed email was sent out in his name demanding a hefty amount; the company ended up losing $50 million to BEC scammers.
An official FBI release pointed out that BEC scams have ascended to new heights, with a staggering 1,300 per cent increase in exposed losses since 2015. Globally, these scams are increasing rapidly in more than 100 countries; however, Asian banks located in China and Hong Kong have been most affected.
“The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds,” said the release.
The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.
Reports by the Internet Crime Complaint Centre (IC3) indicated that BEC scams have caused a cumulative loss of 3.1 billion dollars.
According to Symantec, 40 per cent of all BEC scams target small and medium-sized businesses; the next largest category of victims is the financial sector, at 14 per cent. As mentioned earlier, more than 400 companies are affected on a daily basis, and senior financial staff are the most frequent targets.
Symantec has identified one group of scammers that is responsible for 12 per cent of all BEC email traffic.
“Over the past two months, this group has obtained access to at least 68 legitimate email accounts, targeted over 2,700 organizations, and used 147 email accounts to correspond with victims. The majority of this group’s activity originates from Nigeria, though some of their emails come from the UK and US too,” said the Symantec research.
How to protect yourself against BEC attacks?
Symantec has also released some methods to prevent these attacks, but the most important requisites are awareness and computer literacy.
- Question any emails requesting actions that seem unusual or aren’t following normal procedures.
- Users shouldn’t reply to any emails that seem suspicious. Obtain the sender’s address from the corporate address book and ask them about the message.
- Use two-factor authentication for initiating wire transfers.