Business email compromise scams are not uncommon in this digital age. Thousands of companies report losses due to these scams. These are phishing attacks, in which the criminal uses the identity of a popular executive or associate of the company to defraud the organization. They can use this information to get a company to transfer money to the criminal’s account. The criminal checks the inbox of the target company to find the list of the partners the company works with. They select a high-ranking individual and impersonate them.
Using the identity of these high-ranking people, these attackers request money transfers. As business email compromise covers the whole business, it can have a serious impact on the financial health of the organization. Not only does it result in a financial loss, but these tricks can ruin the reputation of the company. Who would like to collaborate with a company that doesn’t have a strong security protocol in place? Besides, it also affects employee and customer trust. If these hackers could access and misuse the contact details of an executive, there is a slim chance they won’t be able to access the confidential information of employees and customers.
BEC Cases in the Non-Profit Organizations
Business email compromise cases are common in the government and non-profit organizations. Cybercriminals target companies that are not equipped with modern security protocols and the latest technology. A recent example of a business email compromise is Philabundance, one of the biggest and reputable hunger-relief non-profit organizations that suffered a loss of $1 million. The company was sending $923,533 to the construction contractors. However, the chief executive of the company discovered that this amount was transferred to the fraudulent account. Philabundance has seen a major need for its services, especially during the pandemic. However, they ended up becoming a victim of one of the major cyber-attacks. According to the organization, the hackers scammed the company by infiltrating their computers.
They used the phishing technique to block valid and legal emails. Eventually, they copied the pattern of the original invoice sent by the construction company. The company transferred the requested amount to this fraudulent account, thinking that they were sending it to the construction company. They sent this amount on 6th July and realized they had gotten scammed on 24th July when the company that was to receive this amount asked Philabundance about the outstanding payments.
The cyberattack happens to be the second most common type of fraudulent transfers. The companies losing money to these cyber hackers can recoup the loss to a certain extent using the insurance. The insurance for such losses ranges from a few thousand bucks to more than a million dollars. In fact, 9% of non-profit organizations become the victim of cyber attacks every year. The cybercrime reports had surpassed $3.5 billion in 2019. Most types of cyberattacks include ransomware. Whether you run a small-scale firm or a large corporation, it is important to have a team of IT professionals that monitor your computers and sensitive data all the time.
