BEC Scams Nearly Double Over Three Years


Business E-mail Compromise (BEC) fraud scams are on the rise, and the latest data shows a boost in the number of incidents and the value of the fraudulent transactions overall, according to a new report.  Separately, in the states, the Inspector General has found that there is at least some risk  in card misuse. 

Business E-mail Compromise (BEC) fraud has been gaining ground and growing in terms of number of incidences, according to a recent report.

As noted by the Financial Crime Enforcement Network (FinCEN),  the number of reports of BEC rose to a monthly average of more than 1,100 in 2018, where the tally had been 500 in 2016. The data was reported in the July 2019 Financial Trend Analysis report.

That translates to a value of attempted BEC threats that jumped from $110 million monthly in 2016 to $301 million monthly in 2018.

The pace seems to have quickened a bit. The latest report comes after an FBI Internet Crime Complaint Center announcement last year that BEC was a “$12 billion scam” and there was at that time, a 136 percent increase in identified “exposed” losses (which includes actual losses and attempted thefts). The period examined in that case had stretched from December 2016 to May 2018.

In terms of daily BEC emails, the daily count was 128,700 in the first quarter of this year, a 50 percent increase over 2018, according to Dark Reading. And the data shows that between July 2018 and June 2019, roughly 6,000 organizations were targeted each month.

The verticals most often targeted include manufacturing and construction firms, at 25 percent of all BEC attempts. The average amount pilfered came to a bit more than $53,700. Those verticals attract fraudsters due to their lengthy and global supply chains, which offers some fertile ground for impersonation and fraud.

Real estate increased as a target, representing 16 percent of incidents in 2018 versus nine percent in 2017.

The data also shows that, as FinCEN reported, the average transaction size for BEC that impersonated invoices was a bit more than $125,000, while CEO impersonation fraud came out to roughly $50,300.

In Australia, BEC Hits Hard

In Australia, BEC has hit hard, as CIO reported that several businesses in that country have been forces to shutter operations in the wake of such fraud.

The site noted the findings of the Australian Cyber Security Centre, which found that scammers took off with as much as $700,000, and that one company lost $170,000, the largest amount lost by a single company.

The technique remained the same, where SMBs were directed to send goods across fake invoices.

Separately and in terms of other investigations, an Inspector General report has found there is a “moderate” risk of Veterans Administration employees misusing their purchase cards, but added that the risk is low for misuse and abuse of travel and fleet card programs.

The reviews, according to “continue to identify patterns of purchase card transactions that do not comply with the Federal Acquisition Regulation and VA policies and procedures,” a report said. The report noted that the purchase card program logged 7.1 million transactions in 2018, up from 6.1 million in 2017, and total transaction value across the 13,600 employees wielding such cards came to $4.6 billion.