SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Email
#
Partners
Business Email Compromise hacks cost enterprises $2.3 billion
Mon, 13th Jun 2016
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Compromised business emails have caused 17,642 enterprises worldwide to lose at least $2.3 billion, a new research paper titled 'Billion-Dollar Scams: The Numbers Behind Business Email Compromise ' from Trend Micro says.

The paper says that the statistics are straight from the FBI, and the number is still increasing. Victim counts increased 270% during the first eight months of 2015. The sheer size of these attacks prompted the FBI into action through a public service announcement, educating enterprises about the dangers.

The paper says that business email compromise (BEC) schemes work through sophisticated channels between businesses and foreign partners that provide wire transfer payments. Business executives' emails are hacked and spoofed, instructing employees to send large wire transfers to foreign accounts.

The paper says that BEC attacks are socially-engineered, which makes them difficult to detect due to how legitimate the emails appear. While the USA is the greatest target with 274, Australia also has been targeted by 94 schemes.

Trend Micro says BEC scams can take three forms:

The bogus invoice scheme

Businesses who work with a foreign supplier are contacted by fraudsters, asked to change payment location or to a fraudulent payment account.

CEO fraud

Scammers spoof business executives' accounts, create an email to an employee requesting an urgent wire transfer to the fake account. The most spoofed executive positions are CEO (31%), president (17%), managing director (15%) and 'others' constituting 20%.

Account compromise

An employee's account is hacked and emails are sent from the account to vendors on the contact lists, requesting payments to fraudulent accounts. How to prevent BCE attempts

The report encourages businesses to educate executives and employees about how BEC scams operate. The scams are simple, and can be easily thwarted by employees.

  • Be wary of all emails
  • Verify wire requests if they seem overly high or differ from most transactions
  • Raise employee awareness about BCE methods
  • Use secondary sign-off for changes in vendor payment locations
  • Use two-factor authentication for payments. When using phone verification, use known phone numbers.
  • Report attempted and successful hacks or spoofs
  • Keep track of customer payments, including payment details
Related stories
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption