According to new Symantec research, business email compromise (BEC), or “CEO fraud”, continues to be the bane of companies in 2016. BEC scams, an evolution of Nigerian 419 scams, are a low-tech form of financial fraud in which spoofed emails that appear to come from CEOs are sent to financial staff to request large money transfers. While they require little expertise and skill, the financial rewards for the fraudsters can be high. Symantec has taken a deep dive into BEC and found that SMBs and financial sector organisations are the most targeted by BEC scammers.
A media release from Symantec says that other key global findings include:
On average, over 400 businesses are hit by BEC scams daily, and at least two employees per business, likely senior financial staff, are targeted with an e-mail.
The main IP addresses associated with the e-mails stem from Nigeria, the United States, and the United Kingdom, among other countries.
While there are multiple groups responsible for BEC scams, one group is responsible for over 12 percent of BEC e-mail traffic.
E-mails are sent Monday to Friday, following a standard working week, as scammers know that this is when businesses expect e-mails and can clear financial transactions.
Symantec says that user education is the most effective means of protecting companies against BEC scams.
Question any emails requesting actions that seem unusual or aren’t following normal procedures.
Users shouldn’t reply to any emails that seem suspicious. Obtain the sender’s address from the corporate address book and ask them about the message.
Use two-factor authentication for initiating wire transfers.
For more information, you can read Symantec’s blog at www.symantec.com.