The FBI's Internet Crime Complaint Center (C3) released its latest annual report, detailing reported losses of $16 billion in 2024, a 33% increase in losses from the year before.
One of the most financially damaging cyber crimes is business email compromise (BEC). In a BEC scam -- also known as email account compromise (EAC) -- criminals send an email message that appears to come from a known source making a legitimate request.
In 2019, Toyota suffered a $37 million loss when a scammer impersonated a business partner and requested funds transfers.
Ubiquiti, a networking company, lost $46.7 million due to a BEC scam where scammers impersonated legitimate vendors and requested payment.
Even the government of Puerto Rico lost $2.6 million to a BEC scam after an employee received an email that alleged a change to a banking account tied to remittance payments.
How BEC Scams Work
Protecting your business assets means understanding how BEC scams work. The FBI warns that a BEC scammer might do one or more of the following:
- Spoof an email account or website. Slight variations on legitimate addresses can fool victims into thinking fake accounts are authentic.
- Send spearphishing emails. These messages look like they're from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
- Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don't question payment requests. Malware also lets criminals gain undetected access to a victim's data, including passwords and financial account information.
Teach Employees How to Prevent BEC Scams
Unfortunately, uninformed employees could open the virtual doors to a BEC scam. The best way to prevent these types of cyber crimes is to ensure your employees receive training about the risks and the best behaviors to avoid them.
Warn employees:
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
- Don't click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company's phone number on your own (don't use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
- Be especially wary if the requester is pressing you to act quickly.
How to Insure Against BEC and Other Cybercrimes
Despite your best efforts to train employees and to be diligent against attempted BEC scams, there's always a chance that a sophisticated cyber attack could result in a financial loss or data breach.
That's why cyber liability insurance has become an essential part of commercial insurance coverage over the past few years. The C3 report demonstrated a YOY increase in losses from cybercrime every year since 2021. AI technology is allowing cybercriminals to increase the sophistication and volume of their attacks, which increases the likelihood of a breach.
Just like property insurance can help protect your physical assets like your building and equipment, cyber liability insurance can help you protect your financial assets in the event of a data breach.
To learn more about the cyber risks facing your business and to get a quote on cyber liability policy, contact your trusted insurance professional. You may not be able to prevent all cyberrisks from occurring, but the right insurance coverage can help keep your business running if you do run into a situation that puts you or your clients at risk.