As Fraud Rates Rise, Businesses’ Worst Threat May Be in Their Inboxes

Despite the increasingly sophisticated weapons fraudsters have on hand to execute their scams, business email compromise (BEC) attacks remain one of their most effective ploys. The FBI estimates U.S. businesses lost $2.4 billion to BEC schemes, in which fraudsters pretend to be a supplier or other authorized party and trick employees into diverting funds to them. BECs are particularly difficult to fight after the fact, as the transactions themselves may be considered technically legitimate. Remote work arrangements have been a boon for BEC-wielding fraudsters, as significant authorized transaction requests may more often be sent over email than within an in-office environment.

The total dollar costs is expected to rise in the coming years, as scams and other fraudulent crimes increase. This expectation may be best illustrated in PYMNTS’ collaboration with Featurespace, “The State Of Fraud And Financial Crime In The U.S.


A majority of surveyed financial institution executives told PYMNTS that the volume of fraudulent transactions, the overall fraud rate and even the cost of these crimes is increasing. As one-third of the funds lost to cybercrime stem from BEC attackss, these sorts of scams are likely to rise as well.

In an interview with PYMNTS, nsKnox COO Nithai Barzam explained why BECs remain an attractive scam for bad actors. “Fraudsters seek to attack targets that lack protection or have loose controls. They are adept at hacking email servers and manipulating employees into granting them access. Once they are in, they can easily mislead accounts payable and accounts receivable staff. And there are countless other ways and technologies they can use to manipulate and get what they want. To put it in simple terms: Today, it’s just too easy to target corporate payments. Therefore, organizations must protect all payment types using technology-driven validation of payee and account details while making sure all payment-related data and files are protected in a way that they cannot be tampered with.”

Given the general success of BEC scams, businesses may combat them with strategies large and small. A relatively small fraud-fighting effort could include defining specific formats for payment requests, making clear policies that determine when data can be shared with parties outside the company, as well as raise awareness among staff about these attacks. More intensive solutions may involve automation of digital identities or partnering with third-parties offering advanced fraud-fighting tools.

BECs, along with fraud against businesses overall, is expected to continue rising. Businesses raising their defenses to become a harder target for bad actors may find the fraudsters moving on.