The FBI’s Internet Crime Complaint Center (IC3) claimed in a notice yesterday that business email compromise (BEC) cost US and global organizations nearly $55.5bn between October 2013 and December 2023, on the back of over 305,000 incidents.

It said that, over this 10-year period, there have been 158,436 US victims and 6,545 victims from outside the country.

BEC is a form of pretexting – a type of social engineering where individuals are usually tricked into making large money transfers to a fraudster posing as a legitimate entity such as a supplier. On other occasions, the scammer impersonates a CEO or CFO and uses their authority to demand a finance team member make a wire transfer.

The FBI had the following advice to mitigate BEC risk:

  • Use multi-factor authentication (MFA) and a second pair of eyes to verify requests for changes in account information
  • Use unique passwords for every online service and try to change them periodically
  • Ensure the URL in emails is associated with the business/individual it claims to be from
  • Watch out for hyperlinks that might contain misspellings of the real domain name
  • Never hand over login credentials or personally identifiable information (PII) via email, even if the requests appear to be legitimate
  • Verify sender email addresses, especially when using a mobile or handheld device, by ensuring each address matches who it claims to be from
  • Ensure employee computer settings allow full email extensions to be viewed
  • Monitor financial accounts on a regular basis for irregularities, such as missing deposits
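The checks on sender addresses and misspelled link domains can be automated at the mail gateway or in a triage script. The following is an added example, not code from the FBI notice or the article; the trusted-domain list, the function names, the distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation really pays or logs in to.
TRUSTED = {"example-supplier.com", "examplebank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain: str) -> str:
    """Fold common visual swaps (rn for m, 0 for o, 1 for l) before comparing."""
    return domain.replace("rn", "m").translate(str.maketrans("01", "ol"))

def registrable(host: str) -> str:
    """Last two labels; an assumption that ignores suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a hostname."""
    dom = registrable(host)
    if dom in trusted:
        return "trusted"
    for good in sorted(trusted):
        if skeleton(dom) == skeleton(good) or edit_distance(dom, good) <= 2:
            return f"lookalike of {good}"
    return "unknown"

def review_message(sender: str, body: str, trusted=TRUSTED) -> dict:
    """Classify the sender's domain and the host of every link in the body."""
    hosts = [sender.rsplit("@", 1)[-1]]
    hosts += [urlsplit(u).hostname or "" for u in re.findall(r"https?://[^\s<>]+", body)]
    return {h: classify(h, trusted) for h in hosts}

# Constructed sample message, not taken from a real incident.
SAMPLE_BODY = ("Our bank details changed, see https://portal.examp1e-supplier.com/invoice "
               "and confirm at https://www.examplebank.com/login")

if __name__ == "__main__":
    for host, verdict in review_message("accounts@example-suppller.com", SAMPLE_BODY).items():
        print(f"{host:32} {verdict}")
```

A "lookalike" verdict is a reason to hold the message for out-of-band verification of the payment change, not proof of fraud; short legitimate domains can fall within the distance threshold.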


Source: infosecurity-magazine.com