Business Email Compromise Fraud
How to Develop Risk-Reduction and Recovery Strategies
Companies are being targeted by social engineering fraudsters who circumvent traditional IT security controls and prey on employees' natural tendency to want to be helpful. Awareness is the first step to reducing risk exposure.
The Touchpoint: what is Business Email Compromise?
This kind of scam is called Business Email Compromise (“BEC”) Fraud. While it might initially seem easy to identify, it is in fact an expansive and mounting problem that is costing companies billions of dollars in stolen funds and trade secrets. BEC is problematic because it involves social engineering, which circumvents traditional IT security by exploiting employees’ natural tendency to “want to help.” The two partners in the BEC example above would likely know each other well, the instructions John gives Dave would follow normal company procedures, and the email would appear completely ordinary, as if the real CEO had sent it.1
BEC tests the strength of a company's finance and accounting departments and of its internal controls. It takes general business email security beyond reliance on most employees’ common sense and initial email screening. Even companies with excellent IT security can be vulnerable.