Over the last six years, Business Email Compromise (BEC) attacks have cost global businesses over $12.5 billion with victims not only in all 50 states, but 150 countries around the world. FBI, Business E-Mail Compromise the 12 Billion Dollar Scam.
For all of its effectiveness, the scheme is remarkably simple. A fraudster, often using stolen credentials, gains access to a business’s email and monitors the traffic. When he spots a financial transaction, the fraudster inserts himself into the conversation often using a typosquatted domain—an email address that looks like the victim business’s, but with a small typo, an l instead of an I, a 0 instead of an O. Once in the conversation, the fraudster convinces the party sending the money to transfer it to an account he controls.
