The Costliest Cyber Crime: BEC, Business Email Compromise
What do you think of when you hear "the most costly cyber crime"? Do you think of ransomware, phishing, or viruses? While all of these can be extremely detrimental to your organization both financially and in regards to your reputation, the biggest threat to your business may be something else entirely. According to recent findings and statistics business email compromise (BEC) may be the most costly cyber crime of them all.
What is Business Email Compromise?
Business Email Compromise(BEC) is a form of social engineering and email fraud that utilizes phishing tactics in order to infiltrate you business. Cyber criminals exploit email services because they know how integral email is to facilitating communication within a business. Through impersonating a fellow employee or manager, hackers trick individuals into divulging private data or login credentials to establish control over an organization IT systems. The implementation of BEC is incredibly large in both volume and scope, and according to Verizon roughly 96% of phishing attacks are distributed via email. However, most people don't realize just how costly business email compromise can be to your business.
What's The Cost?
According to recent statistics released by the FBI for 2021, BEC is the most costly cyber crime in terms of financial loss. Throughout 2021 the Internet Crime Compliant Center(IC3) received 19,954 BEC complaints made against organizations. In total there was an estimated loss of nearly $2.4 billion. The IC3 also saw innovations in the methods in which BEC attacks were implemented. Due to the COVID-19 pandemic many business meetings had to be conducted via Zoom, Microsoft Teams, or other virtual meeting platforms resulting in the introduction of social engineering attacks through these various platforms. According to the FBI report cyber criminals have begun setting up virtual meetings in which they will deep fake the audio and video of an upper manger or fellow employee in order trick victims into sending fraudulent wire transfers. These attacks would start on Zoom or Microsoft Teams and then transition to email in order to actually execute the attack.
Business email compromise, BEC attacks are increasing in both scope and consequence. Falling victim to one of these attacks could spell financial ruin for your organization. Let CorpInfoTech protect your IT infrastructure and train your humans to spot social engineering attempts.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
