The FBI’s Internet Crime Complaint Center (IC3) has compiled all complaints registered in 2019, and the reported losses exceed $3.5 billion, with Business Email Compromise (BEC) and Email Account Compromise (EAC) accounting for $1.7 billion.
Unlike better-known crimes such as credit card fraud, ransomware and phishing, BEC and EAC don’t seem all that glamorous. On the other hand, these two methods alone were used to defraud companies and people of $1.7 billion last year.
Let’s analyze BEC in more detail. Let’s imagine the victim is working in the financial department, possibly even the chief financial officer. Attackers send an email, spoofed to look just like hundreds of similar emails sent to the department, and ask for a payment to a specific account.