Business Email Compromise Losses in Top 3 Crimes Types Reported

Fraud schemes continue to grow, evolve and target legitimate businesses, nonprofits, government and other public-sector organizations. Business Email Compromise (BEC), Vendor Impersonation Fraud, and Payroll Impersonation Fraud are monitored by the FBI. While these threats are not about a direct compromise of the ACH Network or other payment systems, they exploit vulnerabilities or gaps in processes or procedures.

In fact, the Internet Crime Complaint Center, the FBI’s reporting mechanism for suspected criminal activity, received over 20,000 BEC and email account compromise complaints in 2018, with losses reported at $1.2 billion. See the IC3 2018 Internet Crime Report.

NACHA is committed to helping financial institutions, businesses, other organizations, and consumers protect themselves and prevent fraudulent activity. Our Current Fraud Threats Resource Center contains resources to recognize, prevent, and report BEC and other email account compromise situations. Link

With Business Email Compromise, legitimate business email accounts are either compromised or impersonated, and then used to order or request the transfer of funds. The fraudster will often compromise one of the business’ officers and monitor his or her account for patterns, contacts and information. Using information gained from social media or ‘out of office’ messages, the fraudster will often wait until the officer is away on business to use the compromised email account to send payment instructions.

Vendor Impersonation Fraud can occur when a business, public-sector agency or entity, such as a municipal government agency or a public university/college, receives an unsolicited request, purportedly from a valid contractor, to update the payment information for that contractor. This type of request could come from fraudsters and not the contractor.

Payroll Impersonation involves a fraudsters targeting individual employees by directing the employees to update or confirm their payroll information via a fake payroll platform that spoofs their employer’s actual payroll platform. When the employee logs in from a link or attachment in the email, the fraudsters then use the stolen employee credentials to change payment information in the real payroll platform.