Business Email Compromise (BEC) scams have increased in volume and value over the last two years, with new data showing cybercriminals make over $300 million per month from US victims alone. 

The Financial Crimes Enforcement Network (FinCEN), a bureau of the US Department of Treasury, recently revealed that the number of BEC reports has skyrocketed, from 500 per month in 2016 to over 1,100 last year. The value of BEC thefts has also increased over the same period, from $110 million per month to $301 million. 

The manufacturing and construction sector were the most targeted industries in 2017 and 2018, accounting for over a fifth of reports during this time period. The commercial services industry was the second most targeted industry in 2018. Commercial services includes shopping centers, entertainment facilities, and lodging. This sector was followed by the real estate industry, which was attacks triple from 6% in 2017 to 18% in 2018. 

FinCEN claims that the majority of BEC attacks (73%) involved scammers receiving funds into US accounts, rather than ones overseas. They also noted that industries that are common in particular states more than likely represent the most targeted companies in each state (IE. Financial firms in New York). 

CEO impersonation accounted for 33% of scams in 2017, but shrunk to 12% in 2018, while the use of fraudulent vendor or client invoices increased from 30% to 39% over the period. Impersonation of an outside entity was 20% in 2018, but was not noted in 2017. 

Earlier this year, the FBI issued a warning claiming the losses and potential losses reported as a result of BEC scams hit over $12 billion globally. The report also found that the real estate industry is increasingly being targeted by hackers, claiming, "From calendar year 2015 to calendar year 2017, there was over an 1100% rise in the number of BEC/EAC victims reporting the real estate transaction angle and an almost 2200% rise in the reported monetary loss."

The best approach to handling BEC attacks is to accept that humans will make mistakes but to recognize that checks and balances are essential to staying safe from an attack. File Integrity Monitoring is advocated as an essential security defense by all leading authorities, such as NISTCIS, and the PCI Security Standards Council. Introducing NNT’s real-time FIM  solution into your IT Environment will ensure that a secure, hardened build standard is maintained at all times, and if any changes are made in underlying core file systems, you’ll be notified in real-time and able to take action before any serious harm is done.

 

 

 

 

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.