Minimize the risk of business email compromise in 6 steps

CorporateGovernor newsletter [download PDF]

A vast number of companies have fallen victim to scams involving business email compromise (BEC) — also known as CEO fraud. This type of exploitation has grown increasingly sophisticated and frequent over the last few years. According to the FBI, BEC scams affected 17,642 victims and amounted to more than $2.3 billion in losses from October 2013 through February 2016. And the fraudsters are only just hitting their stride. Since January 2015, the FBI reports a 270% spike in both the number of victims and the related loss amounts ($3.1 billion in losses). While these statistics may be bleak, there are ways to minimize the risk that your organization will fall victim to a BEC scam.

At a high level, the scam looks like this: A legitimate-seeming email arrives from an expected source, such as the CFO or controller, asking the recipient to transmit funds to a third party. Increasingly, these scammers take measures to spoof the incoming email so that it appears authentic to the unwary, and they do their homework to assume the identity of the requesting individual — reflecting the relationships, terminology, approval levels, in-depth knowledge of the company and (often) a sense of urgency related to the request. On the surface, these requests seem like nothing out of the ordinary, and a surprising number of companies fall victim — wiring actual funds to a fraudulent vendor with no prospect of recovery. Adding insult to injury, upon discovery of the scam, many companies launch costly investigations, effectively to prove a negative, namely that their IT systems weren’t compromised, resulting in still more costs and distractions from the organization’s charter.
Read more in the PDF above.

Johnny Lee
Principal, Forensic Advisory Services
National Practice Leader, Forensic Technology Services
+1 404 704 0144