Business Email Compromise

Business Email Compromise/Email Account Compromise

(BEC/EAC)

BEC/EAC is a sophisticated email scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. A fraudster compromises or impersonates an executive, vendor, or trusted contact’s email account with the aim of obtaining access to sensitive business information or other assets.

Fraudsters might:

  • Spoof an email account fooling victims into thinking fake accounts are authentic.
  • Send spearphishing emails. These are messages that look like they are from a trusted sender.
  • Use malware (malicious software that can infiltrate company networks).
In 2021 and 2022, the FBI, with the assistance of several agencies and numerous international partners, led an operation revealing BEC/EAC fraudsters were responsible for approximately $51 million in losses and over 500 victims in the United States. Between 2016 and 2021, domestic and international exposed dollar loss equaled $43 billion!

What can you do to protect yourself from BEC/EAC?

  • Verbally verify changes in payment/deposit information using a known phone number.
  • Implement multi-factor authentication (MFA) to help protect email accounts from being compromised.
  • Educate yourself and your employees on the various types of email scams including BEC/EAC.
    • Check email addresses and domain names for misspellings. Fraudsters will often add an extra letter especially if a word or name already has a double letter.
    • Fraudsters also replace letters in words/names with other letters or numbers that look similar. Depending on the font being used a capital i “I” and a lowercase L “l” or the number one “1” can easily be used to replace each other.
Not only do victims of BEC/EAC scams incur financial losses, but other damages can also include compromise of sensitive and critical business accounts as well as reputational harm. Remember, the easiest way to protect yourself from cyber-attacks is to remain vigilant.

Sources:
  • Federal Bureau of Investigation 2022 Congressional Report on Business Email Compromise and Real Estate Wire Fraud.
  • Internet Crime Complaint Center (IC3) Public Service Announcement May 4, 2022. Alert Number I-050422-PSA.
The above referenced sources are provided as a courtesy. Signature Bank does not endorse or control the content of these sources or websites.