Business email compromise (BEC)

According to the FBI’s 2020 Internet Crime Report, BEC scams are the costliest scam of all. Losses emanating from 19,000 reports of these scams reached a total of nearly $2 billion—more than the combined losses from the next six costliest types of cybercrime combined.

According to the Association for Financial Professionals, 74% of organizations were targets of payment scams in 2020.

And with more employees working remotely due to the ongoing Covid-19 pandemic, criminals are broadening their avenues of attack. According to the FBI, the scams have evolved to include requests for W-2 information, instructions for wire transfers to fake real estate title companies, and demands to send large numbers of gift cards.

While all sectors are vulnerable to attack, government entities are particularly at risk, because of the detailed information required by U.S. transparency regulations. With easy access to names and details about executives, vendors, policies and contractors, criminals can customize their attacks to make them more believable.

In one case reported by the FBI, $1.6 million was stolen after a government official received an email with new instructions that came from a legitimate vendor email address, but was actually sent by a criminal. In another, a city government office received a spoofed email, supposedly from a known contractor requesting a change in payment method. This scam cost the city $3 million.