A wave of phishing scams hit users and organizations hard in 2015. The Internet Crime Complaint Center (IC3) was notified of 7,838 BECs (business email compromises) for a total worldwide loss of over $263 million. The US was the most targeted country – around 80% of the total victims – with California (14.53%), Florida (8.47%), and Texas (7.67%) the most targeted states.
What is BEC?
According to the IC3, a business email compromise is a “sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments”. The IC3 received the first complaint about such a scam in 2010 and, since then, the technique has evolved:
- 2010 – US-based companies were targeted by phishing scams that instructed them to redirect invoice remittance payments;
- 2013 – Criminals hacked CEO and CFO email accounts and sent emails to staff asking them to wire money to fraudulent locations;
- 2014 – Con artists hacked personal emails and sent requests for payments to vendors in their contact lists;
- 2015 – Criminals posing as lawyers or law firms asked victims to make time-sensitive wire transfers.
If you feel you are a victim of any similar attack, please report it to the IC3 at https://www.ic3.gov.
Learn how to recognize a phishing scam
Staff awareness training plays a critical role in the fight against phishing attacks, saving your company from theft, fines, and reputational damage. An informed staff is the number one defense against these threats.
Recognizing a phishing scam (or vishing/smishing, depending on the means of communication used) is much easier if you know what to look for and how to behave. The Phishing Staff Awareness E-learning course explains what a phishing scam is, its features and how it works, how to distinguish phishing emails from legitimate ones, and the best practices to follow to avoid becoming a victim yourself.