Nacha News

Nacha creates broadly adopted payment and financial messaging rules and standards through consensus-led governance, international collaboration, and innovative development practices. We continually advance the ubiquitous ACH Network and engage diverse stakeholders to accelerate a digital future of global financial services interoperability.

Report Finds Sharp Rise in Business Email Compromise

Author

Michael W. Kahn

Michael W. Kahn

Nacha

ORLANDO, Fla.—Think you’ve got a handle on Business Email Compromise (BEC)? Maybe think again.

“BEC fraudsters are innovative and devise ways that can ‘morph’ their fraud attempts into new and unexpected forms, thus continuing to scam their targets,” according to the 2019 “Payments Fraud and Control Survey Report” from the Association for Financial Professionals (AFP). 

The report was the focus of a session at Smarter. Faster. Payments 2019, where Magnus Carlsson, AFP’s Manager, Treasury & Payments, noted another disconcerting trend.

“Most people are aware of these scams, and yet they’re going up. Actually, they’re going up quicker now than before,” said Carlsson.

According to the study, the number of companies that report being hit by BEC went from 64% in 2015 to 80% in 2018. 
BEC takes several forms, but the most common one, cited by 81% of respondents, was fraudsters using spoofed emails addresses to pose as senior executives directing a funds transfer.

Also popular: Emails supposedly from vendors directing payments—based on authentic invoices—to fraudsters’ accounts; and emails pretending to be other third parties requesting bank account and other payment changes. 

Carlsson said the FBI has seen an increase in human resources departments being targeted. 

“It’s likely that criminals now are able to construct emails sent to HR departments, changing account numbers for their employees,” said Carlsson. 

If it sounds like a great deal of effort goes into BEC, you’re right.

“It takes a lot of work, and they’re willing to do it,” Carlsson said of the scammers. And there’s one reason: the payoff.
“For the first time we see that losses from these scams are over 50%,” said Carlsson. In fact, an estimated 11% of companies hit by BEC last year lost $1 million or more. 

While law enforcement continues working to stop BEC, the best defense starts with your own company. That means making employees aware of what’s going on, and training them to ask questions, rather than just reflexively acting on a request. Because, as Carlsson noted, BEC isn’t going away. In fact, just the opposite. 

“Criminals,” he said, “are getting better and better at these scams.”

Nacha’s updated “Protecting Against Fraud” booklet offers timely advice for businesses and consumers to be aware of not only BEC but several other fraud threats. Download the booklet as a PDF here