{"id":49948,"date":"2022-05-12T09:18:13","date_gmt":"2022-05-12T16:18:13","guid":{"rendered":"http:\/\/www.enxmag.com\/twii\/?p=49948"},"modified":"2022-05-12T09:18:15","modified_gmt":"2022-05-12T16:18:15","slug":"business-email-compromise-shouldnt-be-the-cost-of-doing-business","status":"publish","type":"post","link":"http:\/\/www.enxmag.com\/twii\/the-week-in-imaging-twii\/editors-blog\/2022\/05\/business-email-compromise-shouldnt-be-the-cost-of-doing-business\/","title":{"rendered":"Business Email Compromise Shouldn\u2019t Be the Cost of Doing Business"},"content":{"rendered":"\n
\"\"<\/figure><\/div>\n\n\n\n

The FBI last week published a public service announcement updating its warnings about the continuing threat of business email compromise (BEC, also called CEO fraud). The problem has reached shocking proportions: between June of 2016 and December of 2021, the Bureau counted 241,206 domestic and international incidents of business email compromise. The \u201cexposed dollar loss\u201d (which includes both actual and attempted losses) is the real shocker: $43,312,749,946, more than $43 billion dollars.<\/p>\n\n\n\n

At its root, BEC is a social engineering problem. \u201cThe scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds,\u201d the FBI explains. Some of its variants don\u2019t necessarily involve a direct, unauthorized transfer of funds. The crooks also look for \u201cPersonally Identifiable Information, Wage and Tax Statement (W-2) forms, or even cryptocurrency wallets.\u201d<\/p>\n\n\n\n

And the problem is growing worse. \u201cBetween July 2019 and December 2021, there was a 65% increase in identified global exposed losses.\u201d Part of the increase may be attributable to the growing use of cryptocurrencies, which are well adapted to fast funds transfers and have a reputation for anonymity. \u201cThe IC3 has received an increased number of BEC complaints involving the use of cryptocurrency. Cryptocurrency is a form of virtual asset that uses cryptography (the use of coded messages to secure communications) to secure financial transactions and is popular among illicit actors due to the high degree of anonymity associated with it and the speed at which transactions occur.\u201d<\/p>\n\n\n\n

The public service announcement offers some suggestions businesses might follow to protect themselves. Some of them involve instituting sound policies, like using \u201csecondary channels or two-factor authentication to verify requests for changes in account information,\u201d or seeing to it that \u201cthe settings in employees’ computers are enabled to allow full email extensions to be viewed.\u201d<\/p>\n\n\n\n

Many of them, however, are matters of training:<\/p>\n\n\n\n