Business Email Compromise (BEC), also known as CEO Fraud, is a highly targeted form of phishing in which the scammer impersonates a high-level executive, such as a CEO or CFO. Generally, this scam involves hijacking emails, faking social media accounts, spoofing websites, and other tactics to convince people of the scammer's fake identity. More advanced tactics can also include the use of deepfake video and voice calls.
BEC scams are increasingly successful and are considered among the costliest forms of low-tech cybercrime, with scammers taking a total of $43 billion between 2016 and 2021.
Top 3 forms of Business Email Compromise Fraud
Scam 1 – CEO Scam
This scam is typically carried out by impersonating a high-level executive, such as a CEO or CFO, and sending an email to an employee, requesting them to wire money or share sensitive information. The employee, believing the request to be legitimate, will comply, and the criminal will gain access to sensitive financial information or steal money from the company.
Scam 2 – Invoice Scam
Another common form of CEO Fraud is known as the "invoice scam." In this scam, a criminal will impersonate a vendor or supplier and request payment for an invoice. The employee will process the payment, thinking it is legitimate, and the criminal will receive the money.
Scam 3 – Shipment Lifting
Recently, a third form of this scam has emerged in which the scammers steal entire shipments. In this version, the attacker creates email accounts and websites that impersonate a trusted company. The scammers then deceive the victim company into extending them credit for a large purchase by using real information about the legitimate company they are impersonating. The victim company ships them the product but never receives payment.
There are several ways to protect your organization from becoming a victim of Business Email Compromise Fraud:
- Educate employees on BEC and CEO Fraud scams. It is recommended to have an ongoing cybercrime training program that keeps employees up to date on the latest scams.
- Enact a company policy and procedures to verify any change requests to financial information, contact information, and updates to invoices, especially any last-minute changes to wire transfers, bank information, and shipping destinations.
- Always verify requests for advance payments, preferably by phone or via a known contact.
- Independently verify new vendors' contact information through reputable online sources and directories.
- If a request seems sudden, has unexplained urgency for payment or shipment, especially from new customers/clients, take time to verify details independently of the request.
Cyber Liability Coverage Solutions
Cyber Liability Coverage may offer protection against the various types of Business Email Compromise (BEC) and CEO Fraud.
- Third Party Liability – Privacy and Network Liability: Offers coverage when the insured becomes legally obligated to pay as a result of unauthorized access to their system or unintentional data compromise.
- Invoice Manipulation: Will indemnify the insured for direct net loss resulting from the insured’s inability to collect payment.
- Cyber Deception: Coverage for loss of money or tangible property as a result of a fraudulent request.
It is important to note that each cyber liability policy may be different and may not include specific coverages. Please talk to one of our knowledgeable insurance advisors about your company’s specific risks and we can assist in finding the coverage that is right for you.
This resource offers insight into the mechanics of business email compromise (BEC) scams, elucidates prevalent scam tactics, pinpoints primary targets of these schemes, delineates successful mitigation strategies, and illustrates effective methods for responding to and recovering from such incidents. By making use of this guide, businesses can arm themselves with the knowledge required to counter BEC scams and reduce potential financial losses in case of their occurrence.
Download the guide now:
Business Email Compromise Survival Guide