Beware of These 5 Varieties of Business Email Compromise Scams
Business Email Compromise (BEC) scams have become a significant concern for businesses worldwide and are currently the most expensive cyber threat they face. These scams, also known as Email Account Compromise (EAC), can lead to substantial business losses.
In these scams, bad actors often pose as government officials, executives, or colleagues within the target's organization. They may instruct victims to pay immediately to avoid a negative consequence, usually by wire transfer or gift cards. Examples of such scams include COVID-19-related scams targeting large healthcare organizations and scams that resulted in $121 million in losses for Facebook and Google.
One infamous BEC attack occurred in 2021, when bad actors pretending to be repair contractors convinced a Twitter employee to provide access credentials, allowing cybercriminals to take over accounts belonging to celebrities.
Another type of BEC attack is the executive impersonation scam, where bad actors pose as executives at the victim's company or another organization. In these scams, bad actors aim to get victims to download malicious documents, send money, provide sensitive information, or help them access restricted systems and data. Examples of executive impersonation scams include a $3 million offshore payment scam at toy manufacturer Mattel and a $21 million loss at French cinema company Pathé.
To combat these threats, companies like Graphus have developed innovative solutions. Graphus' AI-powered email security is a defense against BEC threats and phishing-related attacks. It prevents 40% more spear phishing messages from reaching an employee's inbox. Graphus' EmployeeShield displays a bright, prominent box on suspicious messages, reminding employees to be cautious and allowing them to designate a message as genuine or malicious with a single click.
Moreover, Graphus' TrustGraph technology uses more than 50 distinct data points to discover sophisticated phishing messages, even zero-day attacks. Graphus' Phish911 allows employees to report potentially malicious emails, immediately removing them from everyone's inboxes.
The U.S. Federal Trade Commission provides examples of gift card scam scenarios, including impersonations of government agencies, tech companies, and utility companies. In a common gift card scam, cybercriminals pretend to be utility representatives threatening to cut off service if the victim doesn't pay immediately. In another gift card scam scenario, bad actors falsely represent themselves as customers who claim they've sent an incorrect payment and are owed money, sometimes threatening legal action if the "overpayment" isn't returned quickly.
In February 2021, entrepreneur Obinwanne Okeke was sentenced to 10 years in prison for his involvement in a BEC scheme that resulted in at least $11 million in losses to his victims.
Graphus can be easily deployed and integrated via API with Microsoft 365 and Google Workspace, and it is half the price of the competition. By implementing solutions like Graphus, businesses can significantly reduce their vulnerability to BEC scams and protect their assets from potential losses.