First identified in the early 2010s by the FBI as a financial cyber threat, Business Email Compromise (BEC) has evolved into a global menace to the integrity of our financial system. Nasdaq’s 2024 Global Financial Crime Report attributed $10 billion in losses to cyber-enabled scams last year alone, with BEC comprising the bulk of that number at $6.7 billion globally. Shouldered by organizations of all sizes, from massive corporations to mom-and-pop businesses, government departments, non-profits, academic institutions, and title companies, BEC is pervasive — and its impacts are greater than financial loss.
Losing More than Money
BEC has life-changing consequences. From financial ruin to lost business, lawsuits, and the risk of further data breaches, the repercussions can severely impact the reputation and growth of an organization. Clients of the company may be affected, jeopardizing major purchases such as property transactions, and in severe cases the business may not survive the financial loss, risking the careers and earnings of employees. No dollar value can capture this toll. It is immeasurable — and preventable.
Business Email Compromise is Evolving
A form of authorized push payment (APP) fraud, BEC has grown more sophisticated and lucrative over the past decade as bad actors have improved phishing tactics, honed email spoofing, and increasingly collaborated and abused emerging technology such as artificial intelligence and cryptocurrency. Unfettered by laws or regulations, criminals have escalated their deceit beyond using just fake CEO business emails to utilize social engineering techniques, targeting transactions of all kinds.
A sub-category of BEC fraud, Real Estate Wire Fraud (REWF), has become a preferred method for criminals given the high value of real estate transactions. This form of BEC fraud can be catastrophic, with individuals often losing their savings and the home involved in the purchase. In the Nasdaq report, Lilah Jones, a victim of REWF, shares how the experience jeopardized over $120,000 and her dream home.
“Don’t assume it can’t be you. No matter what you do for a living, or where you are in your life or how efficient you think you are — nobody is above being scammed.”
– Lilah Jones, Business Email Compromise Survivor
Fighting Business Email Compromise: Tips for Financial Institutions
Financial institutions are critical in the fight to prevent the life-changing consequences of BEC and other forms of APP fraud. Awareness, technology, and collaboration are pivotal to decisive action.
Promote Awareness
Awareness of the warning signs of social engineering is a powerful first defense against BEC. Ensuring your staff can recognize red flags of common tactics, such as phishing, and encouraging your customers and corporate clients to learn the same is key to preventing a BEC attempt in its initial stages — before funds are moved.
Implement Effective Fraud Controls
Given the potentially lifechanging consequences of BEC, having an effective financial crime management platform in place is essential. Your solution should provide robust prevention over commonly exploited channels, such as wire, and combine behavioral evidence with consortium insights to allow you to truly understand the risk associated with a payor and payees who do not bank at your institution. Together with intelligent segmentation that considers the behaviors characteristic for businesses and title companies, and real-time analysis, you can interdict a suspicious payment before the funds leave your institution.
Collaborate to Fight Back
By collaborating and sharing information under the safe harbor authorized by section 314(b) of the USA PATRIOT Act, financial institutions can overcome siloes that hinder prevention and gain key insights into BEC attempts and other financial crimes spanning multiple institutions.
BEC is a major global concern. To protect customers and the integrity of our financial system, collective action by financial institutions and the industry at large is critical.