Criminals have managed to steal billions of dollars through rogue emails in recent years, the FBI claims. The damage caused by "Business Email Compromise" amounted to more than 43 billion dollars between June 2016 and December 2021, according to the US investigative agency.
In Business Email Compromise (BEC), which also includes CEO fraud, attackers gain access to email accounts through phishing or through weak or reused passwords, for example. The attackers then send rogue emails from the hijacked accounts, from spoofed email addresses, or from typosquatted domains, which are registered to resemble those of a legitimate organization.
For example, the scammers pose as a supplier and ask customers to transfer payments to different accounts, or the finance department of a targeted organization is asked to pay certain invoices, with the money to be transferred to accounts specified by the attackers.
From June 2016 to December 2021, the FBI counted more than 241,000 cases of Business Email Compromise worldwide, with a total of $43.3 billion in damages. Last year in particular, the damage caused by BEC fraud increased explosively and amounted to 40 billion dollars. According to the FBI, this is partly due to the corona crisis, as a result of which more companies handled business digitally. Banks in Thailand and Hong Kong were the main international destinations for fraudulent transactions.
The FBI recommends using secondary channels or two-factor authentication to confirm requests to change account information. It also recommends being alert to misspelled domain names and paying extra attention to the sender's e-mail address when reading mail on a smartphone. Organizations should also ensure that workstations are set up so that full email addresses are visible.
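The check for misspelled domains and hidden sender addresses can be automated at the mail gateway. The following is an added example, not from the FBI or the original article; the trusted domain list, the distance threshold and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the organization really does business with (constructed).
TRUSTED_DOMAINS = {"example-supplier.com", "example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Classify a From header by its real address, not its display name."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "invalid"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # A near miss of a trusted domain suggests typosquatting.
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= max_distance:
            return f"lookalike of {trusted}"
    # Clients that hide the address show only this attacker-chosen text.
    for trusted in sorted(TRUSTED_DOMAINS):
        if trusted in display.lower():
            return f"display name imitates {trusted}"
    return "unknown"


if __name__ == "__main__":
    samples = [  # constructed sample headers
        "Accounts <billing@example-supplier.com>",
        "Accounts <billing@example-suppller.com>",
        '"Example-Supplier.com Billing" <pay@mail-relay.example.net>',
    ]
    for header in samples:
        print(f"{classify_sender(header):45} {header}")
```

Edit distance does not catch look-alike Unicode characters or a trusted name embedded in a longer domain, so a flagged or unknown sender still needs confirmation through a secondary channel before any payment details are changed.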