Keeping Pace With The Evolution Of Business Email Compromise


Business email compromise (BEC) is an ever-evolving beast that threatens organizations of all types and sizes around the globe. But companies are not entirely defenseless against the scam, as Jeff Taylor, senior vice president of Commercial Fraud Forensics at Regions Bank, told PYMNTS in the inaugural Preventing Financial Crimes Playbook.

In diving into the various tactics fraudsters use to pull off BEC scams and infiltrate B2B payment workflows, Taylor noted that businesses must make some changes to the way they operate in order to mitigate this risk — particularly in a work-from-home environment.

“I think that companies in the pandemic had to adjust their equipment policies to accommodate remote work,” Taylor said. “In many cases, individuals did not have company-owned equipment that they used. They were using their personal equipment and even their personal emails to connect and conduct business, and obviously those are much more vulnerable than company emails and the platforms that a company would have that might be insulated by a [virtual private network].”

In another recent interview with PYMNTS, Kwayga Chief Technology Officer Chris Kennedy discussed the importance of transparency and trust in cross-border B2B relationships and how that trust can lead to a significant reduction in supplier and invoice fraud.

“As you promote a trusted engagement between buyer and supplier through the entire deal flow, you’re going to see a massive reduction in invoice fraud and payment fraud,” Kennedy said.

Below, PYMNTS rounds up the latest stats and numbers behind B2B payment fraud news, including the FBI’s warning of the latest evolution in BEC scams and a recent case of ransomware targeting one of the largest technology companies in the world.

Five years of development led to the launch of UAE Trade Connect (UTC), a United Arab Emirates-based trade finance platform designed to combat fraud across the country. Telecommunications company Etisalat and technology firm Avanza Innovations, in conjunction with First Abu Dhabi Bank, created the platform for commercial banks that allows those financial institutions to send invoice data via blockchain to Etisalat, which automatically checks for signs of fraud or duplication before a bank finances it. According to the platform’s CEO, Zulqarnain Javaid, the solution can process 40 invoices per second, and he expects banks to begin submitting 100 percent of invoices through the platform now that UTC is out of the pilot phase.

The FBI received 20 complaints of BEC cases involving cryptocurrency last year, the agency revealed recently, adding that instances of crypto-related BEC scams are on the rise. In 2020, businesses lost more than $10 million in crypto-related BEC scams, with the FBI noting that scammers will request funds be paid to a cryptocurrency exchange without the victim knowing that funds being paid are going to be converted to digital currency. The FBI urges corporates to adopt multifactor authentication, check URLs in emails, and take additional measures to avoid falling victim to BEC scams.

An Australian sports club lost $118,620 in a case of supplier fraud, local reports revealed. Amid renovations of its facility, the Tailem Bend Netball Club received a payment request seemingly from a legitimate vendor related to the construction. South Australia Police are investigating the matter and revealed details of the case. Law enforcement officials said that the sports club received a legitimate invoice from a legitimate contractor, but before the club paid that bill, it received an email claiming to be from that contractor, requesting payment to move to a different bank account. “The victim then paid the outstanding invoice, believing they were making a payment to the proper supplier, not to the scammers,” the police said.

Cyberattackers demanded $50 million in ransom, targeting Apple supplier Quanta, the Financial Times reported recently. The publication noted the ransomware attack is going after both Quanta and Apple and has been attributed to hacker group REvil (also known as Sodinokibi). Quanta reportedly refused to cooperate in order to regain control of its systems and data. In a post, REvil said, “Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands.”