You already knew 2020 was a monster of a year. But did you know that, on top of lost revenues, companies also lost $2,000,000,000 to BEC scams, according to the FBI? The number of events reported to the FBI more than doubled last year, representing nearly 20 thousand different US businesses attacked. Learn what a business email compromise (BEC) scam is and how you can reduce your exposure to email scams with the right cybersecurity services and employee training to prevent phishing scam clicks.
What is a BEC Scam?
A business email compromise (BEC) scam is a criminal act that involves hacking into a business email account, then pretending to be the account’s owner. These hackers usually get into a person’s email account by using a phishing email to trick the person into giving away their email credentials.
Once the scammers have access, they familiarize themselves with your org chart and client list to learn who to target. They may then email your bookkeeper or administrative assistant, asking them to re-route a payment to a different account–the criminal’s account.
If you’re a lawyer, they might email your client to ask them to send payment elsewhere. If you’re a vendor, they could look through your accounts payable and target one of your clients or customers.
BEC scammers have been known to hack real estate, escrow, and lending agent accounts as well to get homebuyers to route their down payment to the wrong account.
In any case, these criminals target businesses large and small. And very often they transfer the funds out of the country or convert them to cryptocurrency, so it’s harder to reverse the transaction.
Why Is Business Email Compromise So Dangerous?
Aside from the potential losses, criminals are intercepting and appropriating the trust and respect people have for a certain business or individual. Because your employee trusts this “person”, they’re more likely to comply without question.
These scammers often skip upper management, where a person might ask more questions, and go to the lowest-level employee who has authority to re-route payments.
To make matters worse, these criminals can use fear or promises to get what they want. They tell a lower-level employee that this is urgent and must be done now, causing the employee to fear for their job if they don’t comply. They might alternatively say they’ll put in a good word to the person’s manager.
Either way, the scammer’s goal is to get the person to act emotionally and automatically–without thinking. And even smart people fall for this.
Some Real-World Email Phishing Scam Examples
These real examples of business email phishing scams had severe consequences for the companies that fell victim to them.
Mergers & Acquisitions Scam Example
Criminals targeted a large company that was actively acquiring other companies. An email purporting to come from an employee’s boss told the employee to send $17.2 million to a specified account to complete the acquisition.
The email concluded with a promise, “I will not forget your professionalism in this deal, and I will show you my appreciation very shortly.”
Covid Opportunism BEC Example
Criminals targeted the customers of a small medical supplies company, asking them to re-route payments to a different account due to “Coronavirus outbreak and quarantine processes and precautions.”
Security Company Couldn’t Outsmart Phishing Scammers Example
Criminals targeted a California security company’s finance department, getting them to send $46.7 million. The company acted fast once it figured out what had happened but recouped only $8 million.
SharkTank Employee Falls for Email Phishing Scam
An employee of SharkTank’s Barbara Corcoran received an email from an outside account that looked almost identical to her co-worker’s email. The email appeared to be a forwarded email from Barbara herself asking the employee to send funds to an overseas account to complete a business transaction. In Barbara’s case, fortunately, she was able to recoup the money.
How to Protect Your Company from BEC Scams
Here are just a few steps you can take to avoid BEC scams.
Educate employees about BEC, phishing, denial of service, suspicious download, and other scams.
Create several approval layers before someone can send a large amount of money or re-route an existing payment.
Be careful of anything that went to spam/junk. If a message landed there, Microsoft, Google, Apple, etc. think it might be fraudulent, so you should take a closer look at that email.
Click on the sender’s name to see the actual email address the message is coming from.
Don’t forget about texts, social media messages, and other communications formats. Those could be compromised too!
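The sender check from the steps above can also be automated at the mail gateway. The following is an added example, not part of the original article: it flags a From header whose domain is a near miss of your own (the "almost identical" address in the Shark Tank case) or whose display name belongs to a staff member while the address does not. The domain example.com, the staff entry, and the function names are assumptions made up for illustration.

```python
from email.utils import parseaddr

# Assumptions for this sketch: the organisation's own domain and staff directory.
TRUSTED_DOMAINS = {"example.com"}
STAFF = {"barbara smith": "barbara@example.com"}  # display name -> real address

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From header deserves a closer look (empty list = none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    _, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        return ["no parsable sender address"]
    findings = []
    if domain not in TRUSTED_DOMAINS:
        # A domain one or two edits away from a trusted one is a likely lookalike.
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(domain, trusted) <= 2:
                findings.append(f"lookalike domain: {domain} vs {trusted}")
    # Display names are free text, so compare them against the real directory.
    real = STAFF.get(" ".join(name.lower().split()))
    if real and addr != real:
        findings.append(f"display name matches staff member but address is {addr}")
    return findings

# Constructed sample headers, not taken from any real incident.
SAMPLES = [
    "Barbara Smith <barbara@example.com>",
    "Barbara Smith <barbara@exarnple.com>",
    '"Barbara Smith" <b.smith.office@freemail.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A message that trips either check is a candidate for the extra approval layer described above rather than an automatic block, since legitimate partners can own similar-looking domains.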
Protect Your Company from a BEC Scam
At Technology Crossing, we can help you identify your security structure vulnerabilities so that you can take steps to protect your company, employees, and clients/customers. We provide fixed-rate IT services and management and cybersecurity in several areas in Texas and Florida, but our headquarters is in Dallas, Texas. We also serve customers and clients in Frisco, Arlington, and Fort Worth. Don’t wait until one of the criminals successfully infiltrates your organization. You can protect yourself. We can help. We invite you to drop us a line at We look forward to hearing from you at (972) 919-6196.