Business Email Compromise: What You Should Know

Hi Friend,

I hope you’ve had a productive week so far? The weekend is finally here, and I hope you get the much-needed rest. While you plan to do so, why not start your relaxation by reading this piece that would be beneficial to you and you organisation.

In today’s article we would be delving into Business Email Comprise (BEC)

  1. What exactly is Business Email Comprise (BEC)?

BEC is a scam method deployed by cyber criminals to defraud an individual or business through emails.  In a BEC scam, cyber criminals send an email that appears to come from a legitimate source making a legitimate request or communication.

  • Are BEC scams frequent?

The United States FBI Internet Crime Complaint Center in its 2020 Internet Crime Report  states that there were 791,790 complaints of suspected internet crime; an increase of more than 300,000 complaints from 2019 and reported losses exceeding $4.2 billion.

The top ten (10) Countries that are victims of BEC scams are[1]:

1. United Kingdom  – 216,633

2. Canada –  5,399

3. India  – 2,930

4. Greece – 2,314

5. Australia –  1,807

6. South Africa – 1,754

7. France – 1,640

8. Germany – 1,578

9. Mexico – 1,164

10. Belgium – 1,023

  • Case Studies
  • In 2020, three suspects were arrested in Lagos, Nigeria following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerians cybercriminals were responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams.

The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations. They used these campaigns to disseminate 26 malware programs, spyware and remote access tools. These programs were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and syphoning funds. According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017[2].

  1. In June 2021, an Atlanta court sentenced Anthony Dwayne King to two and a half years in prison for his role in a BEC scam. Anthony Dwayne King and his accomplices had scammed individuals and businesses of about $250,000 across four U.S. states.

Between October 2018 and February 2019, King and his accomplices conducted BEC and vishing (phone phishing) operations, setting up fake companies and opening fraudulent bank accounts to redirect wire transfers. Theses cybercriminals targeted law firms and home movers but were arrested by Georgia’s Cyber Fraud Task Force.

  • Identifying BEC Scams

BEC cybercriminals are wise. Businesses and individuals like you and I have to be wiser to identify these BEC scams.

In our next piece, we would be discussing ways to identify and mitigate BEC Scams.

Till Next week, stay cybersafe.


[1] https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

[2] https://www.interpol.int/en/News-and-Events/News/2020/Three-arrested-as-INTERPOL-Group-IB-and-the-Nigeria-Police-Force-disrupt-prolific-cybercrime-group

Leave a Reply

Your email address will not be published. Required fields are marked *