BEC (business email compromise) scams were the most lucrative tactic cyber criminals used in 2017, with losses of more than $650 million in the US alone. Last year, the takings continued to grow relentlessly. According to the IC3 (Internet Crime Complaint Center), the FBI reports that losses caused by BEC reached $1.2 billion, almost double the previous year. Nevertheless, BEC scams were sixth on the list of crimes by number of victims. From this we can conclude that the amounts transferred to cyber criminals' bank accounts are generally large.
A church in the US: another victim of this scam
Towards the end of April this year, the Catholic Church of St. Ambrose in Brunswick, Ohio, reported that it had fallen victim to a million-dollar BEC scam. This time the cyber criminals made off with $1.75 million.
The parish is currently working with a construction company to restore the church. The FBI believes that the hackers managed to convince the church that the construction company had changed its bank account; as a result, the church sent a large sum of money to this fraudulent account. The cyber criminals quickly transferred the money to a third account, 'before anyone knew what had happened', said Father Bob Stec.
According to Stec, the criminals gained access to the e-mail accounts of two church workers to make the scam more credible. The church was alerted to the fraud when the construction company contacted it about two unpaid bills totaling $1.75 million.
The church is now working with the FBI and its insurer to recover the stolen money.
Large companies cannot escape the BEC scam either
It is not only small organizations that can fall prey to this type of scam. In March, a Lithuanian man pleaded guilty to organizing a scam in which Facebook and Google lost a total of $122 million.
The scam relied on a company in Latvia with the same name as a data center hardware manufacturer used by the two tech giants. In this way, the scammer tricked Facebook into transferring $99 million and Google into transferring $23 million.
Evaldas Rimasauskas, the man behind the scam, now faces a maximum prison sentence of 50 years.
How you can protect yourself against BEC scams
The case of Google and Facebook shows that even the most important technology companies in the world, which should in theory be aware of this kind of danger, can fall into cyber criminals' traps. It is therefore vital that organizations, regardless of their size, know how to identify a BEC scam.
Given that we are talking about business finance operations, the most important thing is to check, as often as necessary, whether the e-mail and the sender are legitimate. That is why it is always a good idea to use a different channel, such as a phone call, to check whether the person we are dealing with is genuine and the payment has been authorized by the company.
The two cases we have seen have one thing in common: human error. The slightest mistake can have irreparable consequences for a company. As such, it is vital that all employees are aware of BEC scams and know how to act if they receive such an e-mail. In addition to knowing how to identify this type of e-mail, they need to know what procedure to follow to notify the cyber security department of an attack. In this way, the cyber security team will be better prepared to reduce the threat and to prevent other cases in the future.
To secure bank transfers, it is important to include two-factor authentication in the process. Although this security method is far from perfect, it adds an extra layer of security to an important process. Moreover, given that many of these e-mails contain malware, it is essential to have an advanced cyber security solution on all of the company's computers: one that can detect BEC scams in real time and take action against them and against other cyber threats that may try to harm your company's interests. Our advanced cyber security platform, Panda Adaptive Defense, uses cognitive intelligence to alert you to any e-mail attempt that might escape human perception.
It is clear that this type of scam will not stop growing any time soon. That is why it is vital to do as much as possible to ensure that your company is not the next victim.