Story image

Do you know how to spot and destroy that BEC scam?

14 Jul 16

Business email compromise (BEC) scams, also known as CEO fraud, is a huge problem in 2016, with Symantec reporting that more than 400 businesses are hit by business email compromise (BEC) scams daily.

The FBI states that $3 billion has been lost to these scams, with more than 22,000 global victims and they show no signs of stopping.

Symantec defines BEC scams as low-tech financial fraud, an evolution of traditional Nigerian 419 scams. Spoofed emails are sent to CEOs requesting large money transfers. Often looking genuine, the scams are easily set up and the rewards are high, Symantec says.

Symantec has found that BEC scams most often target SMBs and financial sector organisations. The emails target at least two employees - most likely with higher positions in financial roles.

The scams most often originate from IP addresses in Nigeria (46%), the United States (27%), the United Kingdom (15%), South Africa (9%), Malaysia (2%) and the Russian Federation (1%).

One main group is responsible for more than 12% of BEC email traffic. The group has targeted more than 2700 organisations and obtained access to 68 genuine email accounts.

BEC emails are sent following a standard working week to capitalise on the times businesses expect relevant emails and can clear financial transactions. Symantec's blog says that "they will generally begin sending emails from 0700 GMT, take a break from 1100 until 1400 GMT and then resume sending until 1800 GMT."

Symantec recommends user education as the most effective protection against BEC scams. Users should:

  • Be suspicious of emails requesting unusual actions or actions that don't follow normal business procedures
  • Do not respond to suspicious emails. If the email looks legitimate, use the company's address book to contact the person directly and ask them if it is legitimate.
  • Use two-factor authentication for wire transfers.
  • If you have fallen victim to BEC fraud, Symantec recommends notifying your financial institution and local law enforcement.
The secret to scaling DevOps in the digital era
"Organisations around the world have learnt at a cost that while agile DevOps methodologies can result in improved outcomes within teams and projects, they have a propensity to fail miserably."
APAC FinTech network launches to encourage cross-border innovation
Nine associations formally launched the network by signing a Statement of Intent at the Asian Financial Forum event in Hong Kong.
New blockchain solution aims to keep our food ethical
OpenSC enables anyone to scan product QR codes which automatically takes them to information about where a specific product’s journey.
Avaya expands AI offerings with new partnerships
The additions to the ecosystem will enable Avaya to add prioritisation and natural language processing to its UC solutions.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."