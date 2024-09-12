The FBI has urged organizations to be on high alert for business email compromise (BEC) attempts, after revealing that the cybercrime category has amassed tens of billions of dollars for threat actors over the past decade.

BEC is a form of pretexting – a type of social engineering where individuals are usually tricked into making large money transfers to a fraudster posing as a legitimate entity such as a supplier. On other occasions, the scammer impersonates a CEO or CFO and uses their authority to demand a finance team member make a wire transfer.

The threat actor often compromises email accounts and monitors messages from legitimate entities in order to make their requests sound more realistic.

The FBI’s Internet Crime Complaint Center (IC3) claimed in a notice yesterday that BEC cost US and global organizations nearly $55.5bn between October 2013 and December 2023, on the back of over 305,000 incidents.

It said that, over this 10-year period, there have been 158,436 US victims and 6545 victims from outside the country.

Read more on BEC: BEC Attacks Surge 81% in 2022

Banks in the UK and Hong Kong often act as intermediary stops for funds as they’re transferred to accounts under the control of the BEC fraudsters, the IC3 added.

“The BEC scam continues to target small local businesses to larger corporations, and personal transactions while evolving in their techniques to access those business or personal accounts. Between December 2022 and December 2023, there was a 9% increase in identified global exposed losses,” it said.

“In 2023, the IC3 saw a growth in BEC reporting where funds were sent directly to a financial institution housing custodial accounts held by third-party payment processors, or peer-to-peer payment processors, and cryptocurrency exchanges which directly contributed to the increase in global exposed losses.”

Victims are urged to contact their bank immediately if they discover a fraudulent BEC wire transfer.

The FBI had the following advice to mitigate BEC risk: