Business Email Compromise (BEC) Increases by 28%, Is Your Company Safe?
Email is still a popular medium for cybercriminals to defraud companies through phishing. Email phishing that targets a company is known as Business Email Compromise (BEC). BEC perpetrators send emails impersonating CEOs, vendors, or colleagues to deceive recipients and lure them into wiring money or handing over credentials. The most common types of BEC are:
– Invoice fraud
– Account takeover
– CEO or executive fraud
– Legal impersonation
– Data theft
The case of a Lithuanian man who defrauded Google and Facebook of 123 million US dollars was the tip of the iceberg in BEC cases. As quoted from ZDNet (20/03), Evaldas Rimasauskas sent an email to employees while impersonating one of Google's vendors. He urgently requested that the employee wire the pending payment. He used an email address resembling that of the vendor to deceive the employee.
The FBI Internet Crime Complaint Center issued a public service announcement regarding increasing BEC cases, which rose by 136% from December 2016 to May 2018. The report also said that reported and potential global losses caused by BEC exceeded 12 billion US dollars.
A survey by Trend Micro, a provider of cybersecurity solutions, found that compared to the previous year, the number of BEC attacks globally increased by 28% in 2018. In Southeast Asia, in particular, around 27.3% of BEC incidents occurred in Singapore, 26.1% in Malaysia, and 25% in Indonesia.
In response, companies are strongly advised to provide their employees with prevention training and to raise awareness of the BEC threat as part of their security system. Companies also need to establish a culture of open communication so that employees are encouraged to report red flags pertaining to BEC when they spot them.