The Federal Bureau of Investigation (FBI) has warned individuals and companies to beware of business email compromise (BEC) attacks. It is estimated that between June 2016 and December 2021, domestic and international losses reached $43 billion, and that such attacks increased by 65% between July 2019 and December 2021.
BEC attacks usually target businesses or individuals that perform legitimate fund transfer requests. They involve the compromise of official email accounts of senior managers or suppliers through social engineering, phishing or cyber intrusion. Once criminals gain access, they send a message to the company's accounting department asking for a large money transfer. Because these emails come from official accounts, the requests often do not arouse suspicion.
The hackers' goal is not limited to the transfer of funds. Employees are sometimes asked to hand over their personally identifiable information, bank account numbers, payroll/tax slips or cryptocurrency wallets, which are then used for everything from theft to identity fraud. The FBI warned that BEC fraud is growing and evolving, targeting everything from small local businesses to large businesses and individual transactions. The rise in incidents over the past few years has been attributed to the COVID-19 pandemic and more people working from home, resulting in more companies doing business remotely. These attacks generated $43 billion in losses between 2016 and 2021, compared with a record $40 million in BEC losses related to cryptocurrencies last year.
BEC scams have been reported in all 50 states in the United States and 170 countries around the world. Most of the stolen funds were transferred to banks in Thailand and Hong Kong, with China, Mexico and Singapore being the second most popular locations. The FBI recommends that people turn on two-factor authentication for their email accounts to prevent BEC attacks. It also advised watching for signs of phishing in emails (misspelled website addresses, etc.), not providing login credentials through email, and regularly monitoring financial accounts for any irregularities.