Business Email Compromise: The $55 Billion Scam

You know those times when your email seems to know way too much about your life? Well, that’s nothing compared to what cybercriminals are doing with it. Business Email Compromise (BEC) is one scam that takes your inbox from a handy tool to a hacker’s goldmine. And it’s not just businesses getting hit—individuals are falling victim too. Let's dive in before your email gets any funny ideas.

Business Email Compromise (BEC) is a sophisticated scam where fraudsters hack into email accounts to steal money through unauthorized fund transfers. Over the past decade, it has led to $55 billion in losses globally, and it’s only getting worse, with incidents rising by 9% in 2023 alone.


How It Works:

BEC scammers typically follow a few steps to execute their plan:

  1. Infiltrate an Email Account: Using social engineering or hacking techniques, they gain access to legitimate email accounts.
  2. Impersonation: Once inside, they impersonate a trusted person or company (like your boss or a vendor) and initiate requests to transfer funds or provide sensitive information.
  3. Fund Transfer: The scammer tricks the victim into sending money to a fraudulent account, often located overseas, making it harder to trace.

But the scam doesn’t end there. Sometimes, hackers use the stolen credentials to request Personally Identifiable Information (PII), allowing them to target victims with other scams, like identity theft or tax fraud.


Who’s Targeted:

BEC can target anyone who handles money transfers—small businesses, large corporations, and even individuals making personal transactions. But businesses with complex financial operations are prime targets, especially when they rely on email communication for fund transfers.


Real-Life Example:

In a recent case, a U.S.-based company was tricked into transferring $500,000 to a fraudulent account after a cybercriminal hacked their vendor's email. The email seemed completely legitimate, requesting payment for an outstanding invoice, but the funds ended up in an offshore account controlled by the scammer. By the time the company realized, the money was long gone, having passed through third-party payment processors and cryptocurrency exchanges.


Why You Should Care:

BEC scams don’t just hurt big companies—they can hit any business or individual dealing with money transfers. And with nearly 305,000 incidents reported since 2013, the chances of being targeted are rising. Losing thousands, or even millions, due to a simple email hack can cripple finances and wreck business reputations.


How to Protect Yourself:

Here’s how to avoid becoming the next victim of a BEC scam:

  1. Verify Requests Through Secondary Channels: If you receive an email asking for a fund transfer or sensitive information, verify it through another communication method—call the sender directly to confirm.
  2. Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA on all business and personal accounts.
  3. Check the URL Carefully: Before clicking any links, hover over them to check if the URL is legitimate. Scammers often create URLs that are almost identical to real ones, with small misspellings.
  4. Don’t Share Login Details via Email: Legitimate companies will never ask for your login credentials through email. Avoid sharing any sensitive information this way.
  5. Monitor Accounts Regularly: Keep a close eye on your financial accounts for any irregularities and report suspicious transactions immediately.


Quick Tips:

  • Did you know? BEC scams have been reported in 186 countries. Once your funds are transferred abroad, recovering them becomes a huge challenge.
  • Pro Tip: Always double-check email addresses, especially on mobile devices where it’s easier to overlook slight discrepancies. This small step could save you from a big loss.
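Tip 3 above (URLs with small misspellings) and the pro tip about double-checking sender addresses can be partly automated on the receiving side, for example as a pre-check before accounts payable acts on an invoice. The following is an added example, not code from the original article: it takes a From: header and a constructed list of trusted vendor domains (the domain names are assumptions) and flags senders whose domain is a near-miss of a trusted one, covering homoglyph swaps, one or two typos, and a trusted name reused inside an unrelated domain.

```python
from email.utils import parseaddr

# Constructed list of domains we actually pay invoices to (assumption for this example).
TRUSTED_DOMAINS = {"acme-supplies.com", "example.com"}

# Single characters that read alike at a glance, mapped to a canonical letter.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})


def normalize(domain: str) -> str:
    """Fold visually similar spellings so 'acrne' and 'acme' compare equal."""
    d = domain.lower().strip().translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_trusted_domain) for a From: header value.

    verdict is 'trusted', 'lookalike', 'unknown' or 'invalid'. A 'lookalike'
    is the signal to stop and verify the request out of band before paying.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid", None
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in trusted:
        return "trusted", domain
    nd = normalize(domain)
    for t in trusted:
        nt = normalize(t)
        # Trusted name reused inside another domain, e.g. acme-supplies.com.pay-portal.net
        if nt.rsplit(".", 1)[0] in nd:
            return "lookalike", t
        # One or two typos or swapped letters away from a trusted domain.
        limit = 1 if len(nt) < 8 else 2
        if edit_distance(nd, nt) <= limit:
            return "lookalike", t
    return "unknown", None


if __name__ == "__main__":
    for hdr in ("Accounts Payable <billing@acme-supplies.com>", "billing@acrne-supplies.com",
                "ap@acme-supplies.com.pay-portal.net", "noreply@unrelated-corp.org"):
        print(hdr, "->", classify_sender(hdr))
```

A 'lookalike' verdict only means "verify through a secondary channel"; an exact match to a trusted domain still does not prove the account was not compromised, which is why tip 1 applies to every payment change regardless of sender.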


Have you ever encountered a scam or suspicious email that you were unsure about? Share your story with us—your experience could help others avoid falling into the same trap.

Stay safe, stay informed,


Key Terms Explained:

  1. Business Email Compromise (BEC): A scam where cybercriminals infiltrate legitimate email accounts to trick businesses and individuals into making fraudulent transfers.
  2. Social Engineering: Manipulating people into divulging confidential information or performing certain actions (like transferring funds) by pretending to be a trusted entity.
  3. Two-Factor Authentication (2FA): A security measure that requires two forms of identification—like a password and a texted code—to log into an account.

To read more, kindly find the source article here.
