Billion-dollar scams: The numbers behind BEC fraud

July 2016 by Symantec Security Response

Business email compromise (BEC), or CEO fraud, continues to be the bane of companies in 2016. BEC scams are low-tech financial fraud in which spoofed emails from CEOs are sent to financial staff to request large money transfers. While they require little expertise and skill, the financial rewards for the fraudsters can be high. An Austrian aerospace manufacturer recently fired its president and CFO after it lost almost US$50 million to BEC fraudsters.

In light of recent warnings from the FBI regarding BEC, we took an in-depth look at Symantec’s Email Security.cloud data to get a better understanding of the state of BEC fraud today.

So who’s being hit by these scams? And who are the people behind them? Here’s what we know:

1. Small and medium-sized businesses are most targeted by scammers

BEC scammers are pretty indiscriminate in the organizations they target. Almost 40 percent of identified victims are small to medium-sized businesses. The next largest category of victim is the financial sector, at 14 percent.

2. Over 400 businesses on average are hit by BEC scams daily

Email data from Symantec shows how hundreds of organizations are receiving BEC scam emails every day. Within these organizations, at least two individuals will be targeted with a BEC email. These individuals will most likely be senior financial staff.

3. Organizations have lost over $3 billion to BEC scams

Data from the FBI illustrates how lucrative BEC is. At least $3 billion have been lost to BEC scams in the past three years, with over 22,000 victims globally.

4. BEC is an evolution of the infamous Nigerian 419 scams

Nigerian 419 scams were one of the first email financial scams. Individuals were sent emails promising them riches in return for a small donation to help a fictional Nigerian prince. These scammers have now moved onto targeting businesses and are using less elaborate ruses to trick them into transferring money.

We examined a number of email addresses used by the scammers and found that 46 percent have Nigerian IP addresses. The rest are operating from the United States, the United Kingdom, South Africa, Malaysia, and Russia.

5. While there are multiple groups behind BEC scams, one group dominates

One group of scammers is responsible for approximately 12 percent of BEC emails we’ve observed. Over the past two months, this group has obtained access to at least 68 legitimate email accounts, targeted over 2,700 organizations, and used 147 email accounts to correspond with victims. The majority of this group’s activity originates from Nigeria, though some of their emails come from the UK and US too.

6. Emails are sent Monday to Friday, following a standard working week

It should come as no surprise that the majority of BEC emails are sent on weekdays. The scammers know that this is when most businesses would expect emails. And more importantly, most financial transactions can only be cleared during weekdays. BEC scammers are also most active during a typical working day. They will generally begin sending emails from 0700 GMT, take a break from 1100 until 1400 GMT and then resume sending until 1800 GMT.

7. “Request” is the most common subject line

BEC scammers keep things simple with most emails containing a single-word subject line. Subjects always contain one or more of the following words: request, payment, urgent, transfer, enquiry. Simple, innocuous subject lines are less likely to arouse suspicion and are also harder to filter.
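The sending-time pattern in point 6 and the subject-line vocabulary in point 7, combined with the display-name spoofing of executives described at the top of the post, translate directly into a triage rule a mail gateway or SOC can run. The following is an added example, not Symantec's code or part of the original post; the corporate domain, the executive directory, the scoring weights and the three sample messages are all constructed for illustration.

```python
"""Triage inbound mail for the BEC indicators described in this post.

Added example (not Symantec's tooling). Indicators checked:
  - display name matches an executive but the address is outside the
    corporate domain (the CEO-spoofing pattern)
  - subject consists only of the keyword set: request, payment, urgent,
    transfer, enquiry (point 7), or merely contains one of them
  - sent on a weekday inside the 0700-1100 / 1400-1800 GMT activity windows
    (point 6); counted only when another indicator is already present,
    because timing alone describes most legitimate business mail too
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import re

KEYWORDS = {"request", "payment", "urgent", "transfer", "enquiry"}
CORPORATE_DOMAIN = "example.com"                     # assumption: defended org's domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # constructed executive directory


@dataclass
class Message:
    from_header: str
    subject: str
    sent_utc: datetime


def parse_from(header):
    """Split a From header into (display_name, lowercase address)."""
    m = re.match(r'^(.*?)<([^<>]+)>\s*$', header)
    if m:
        return m.group(1).strip().strip('"'), m.group(2).strip().lower()
    return "", header.strip().lower()


def subject_words(subject):
    return re.findall(r"[a-z]+", subject.lower())


def in_active_window(sent_utc):
    """Weekday and inside the GMT hours reported for BEC senders."""
    if sent_utc.weekday() >= 5:        # Saturday/Sunday
        return False
    h = sent_utc.astimezone(timezone.utc).hour
    return 7 <= h < 11 or 14 <= h < 18


def triage(msg):
    """Return (score, reasons). Score >= 3 means hold for out-of-band verification."""
    score, reasons = 0, []
    name, addr = parse_from(msg.from_header)
    domain = addr.rsplit("@", 1)[-1]
    if name.lower() in EXECUTIVES and domain != CORPORATE_DOMAIN:
        score += 3
        reasons.append(f"display name '{name}' matches an executive but address is @{domain}")

    words = subject_words(msg.subject)
    hits = [w for w in words if w in KEYWORDS]
    if words and len(hits) == len(words):
        score += 2
        reasons.append(f"subject is only BEC keywords: {msg.subject!r}")
    elif hits:
        score += 1
        reasons.append(f"subject contains BEC keyword(s): {', '.join(hits)}")

    if reasons and in_active_window(msg.sent_utc):
        score += 1
        reasons.append("sent inside the weekday GMT window typical of BEC senders")
    return score, reasons


# Constructed sample messages (dates chosen so the first two fall on weekdays
# and the third on a Saturday).
SAMPLE_MESSAGES = [
    Message('"Jane Doe" <jane.doe@webmail-lookalike.example.net>', "Request",
            datetime(2016, 7, 5, 8, 15, tzinfo=timezone.utc)),
    Message('"Jane Doe" <jane.doe@example.com>', "Q3 planning deck",
            datetime(2016, 7, 6, 9, 0, tzinfo=timezone.utc)),
    Message('"Accounts" <ar@vendor.example.org>', "Invoice payment reminder",
            datetime(2016, 7, 9, 8, 30, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        score, reasons = triage(m)
        verdict = "HOLD" if score >= 3 else "pass"
        print(f"{verdict} ({score}) {m.from_header} / {m.subject!r}")
        for r in reasons:
            print("   -", r)
```

The weights are deliberately asymmetric: an executive's name on an external address is the strongest single signal on the page, a bare keyword subject is the next, and the time-of-day window only ever adds to an existing hit. Anything the rule holds still goes to the verification step the post recommends below, contacting the supposed sender through the corporate address book rather than by replying.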

Protecting against BEC

User education is the most effective means of protecting companies against BEC scams.

• Question any emails requesting actions that seem unusual or don't follow normal procedures
• Users shouldn't reply to any emails that seem suspicious. Obtain the sender's address from the corporate address book and ask them about the message
• Use two-factor authentication for initiating wire transfers

If you believe you have been a victim of BEC fraud, notify your financial institution and local law enforcement as soon as possible.
