The FBI released a Public Service Announcement on Sept. 10 alerting organizations and individuals to the massive increase in business email compromise, a form of wire fraud that has resulted in billions in losses in recent years.
Four things to know:
1. Business email compromise, also known as email account compromise, typically occurs when legitimate business or personal email accounts are breached via hacking or phishing to conduct unauthorized transfers of funds. Another popular variation accesses employees' personally identifiable information or W-2 tax forms with a phishing attack.
2. Between June 2016 and July 2019, a total of 166,349 domestic and international incidents of business email compromise were reported to the FBI's Internet Crime Complaint Center. The scam has been reported in all 50 states and 177 countries, according to the FBI, with the majority of the fraudulent transfers being sent to banks in China and Hong Kong.
3. During that three-year period, total global losses associated with the scam amounted to $26.2 billion. According to CNBC, in contrast to other types of cyberattacks, funds lost in business email compromise often cannot be recovered, as they are not insured by the sending bank once wired.
4. To prevent these attacks, the FBI recommends educating employees about the scheme and the fraudulent practices used to carry it out, such as spoofed hyperlinks and email accounts. The agency also suggests the use of two-factor authentication, regular monitoring of financial accounts and regular system privacy updates.