Business Email Compromise (BEC) cases are on the rise, these are the prevention efforts That A Company can take
Email scams targeting companies are increasingly rampant. This mode of fraud is known as business email compromise (BEC). The latest FBI release stated that throughout 2019 BEC attacks have caused organizations to lose 1.77 billion US dollars. The report also received 23,775 complaints related to BEC.
BEC case in Indonesia
The Directorate of Cyber Crime (Dittipidsiber) of the Indonesiaan Police and Criminal Investigation Body (Bareskrim) have handled BEC cases in 2019. One of the cases, as quoted by Medium (9/1/2019), was a Nigerian network that has an accomplice in Indonesia. The perpetrator was targeting OPAP Investment Limited in Greece. Basically, BEC is a type of fraud that is conducted via email. In this case, the perpetrator hacked the company’s treasurer’s email. Based on the hacked email, the perpetrator gained company information and tricked a bank in the Czech Republic to transfer a number of accounts receivable to the perpetrator’s account number. Meanwhile, the bank believed that the bill was officially sent by OPAP because it was sent from the treasurer’s email.
Other forms of BEC that are commonly carried out by perpetrators are:
– Fraud invoice
– Account takeover
– CEO fraud
– Data theft
With the increase in cases of email fraud, in addition to tightening security in terms of cyber security, companies need to build awareness of information security among their employees. This can be done by providing training sessions, setting up tight procedures for transactions, and establishing transparent communication.
Should a company become a victim
Conducting prevention efforts are always better than recovering from losses. However, there is a time when a company has to face the harsh reality of being attacked by a BEC. Therefore, companies should prepare countermeasure actions to take should they be attacked. This includes conducting an investigation of the company itself, to minimize the damage and losses as well as to improve the company’s security system.
Investigating cyber fraud requires a lot of resources, labor, and time. One of the challenging parts of the investigation is that the victims, perpetrators, and witnesses could be in different jurisdictions. However, such a case can be resolved if the investigator uses a combination of internet research, conventional investigative tools, and cooperates with law enforcement in different jurisdictions. Companies are strongly advised to work with an experienced and professional third-party carrying out business investigation services to handle a fraud-related case.
Integrity has been trusted by its clients as a provider of risk mitigation and business investigation services – including fraud audits and investigations, theft investigations, asset tracing, skip tracing, and litigation support. Our analysts and investigators are personnel who are equipped with skills and experience in conducting business investigations. For more information about business investigations, do not hesitate to contact us.