In 2019, Obinwanne Okeke (Invictus Obi) opened the eyes of many, especially Nigerians, to the danger of Business Email Compromise (BEC), after he was arrested by the FBI for facilitating cyberfraud valued at $11 million through compromised email.
It is 2022, and BEC has remained a major source of successful internet fraud, with yearly upticks amounting to billions of dollars. The situation is worsening even though the FBI has, since 2019, intensified its warnings to internet users and provided security tips to protect individuals from falling victim.
ZDNet, in a recent security report reproduced below, lists six-point advice from the FBI to help both companies and individuals keep their email safe and avoid falling victim.
The FBI has warned that BEC fraud cost businesses around the world $43 billion in losses between June 2016 and December 2021.
The FBI’s Internet Crime Center (IC3) logged a whopping 241,206 complaints in the four-and-a-half-year period, with losses totaling $43 billion, according to a new public service announcement.
BEC fraud was the biggest category of cybercrime by financial losses in 2021, according to IC3. BEC cost businesses $2.4 billion in 2021, up from $1.8 billion in 2020.
US losses recorded by the FBI are much larger than losses reported by victims in non-US jurisdictions. Between October 2013 and December 2021, 116,401 victims reported total losses of $14.8 billion. In that period, 5,260 non-US victims reported losses of $1.27 billion.
BEC is a global problem. The scam has been reported in all 50 US states and by victims in 177 countries. Meanwhile, over 140 countries have received fraudulent transfers, according to IC3. However, banks located in Thailand and Hong Kong were the primary destination for the funds, followed by China, Mexico and Singapore.
BEC scams are considered a sophisticated ruse that targets businesses and individuals, who are duped into transferring funds to the scammer’s account under the belief they are performing a legitimate transaction.
The FBI believes the pandemic and the shift to everything online spurred a 65% growth in BEC fraud losses between July 2019 and December 2021.
“Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars,” IC3 notes.
“This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.”
It also reports an uptick in complaints involving cryptocurrency transfers.
Cryptocurrency had a market cap of $3 trillion in November, up from just $14 billion five years ago, the US secretary of the Treasury recently noted.
Of the two main forms of BEC involving cryptocurrency, the first was a direct transfer, just like traditional BEC fraud, while the second involved a “second hop”, usually to a cryptocurrency exchange. In both situations, the victim is unaware that the funds are being sent to be converted to a cryptocurrency, says IC3.
Second hop transfers often involve tricking the victim into providing identity documents, such as a driver’s license or passport, which the attacker uses to open cryptocurrency wallets in the victim’s name. In 2020, IC3 received reports of $10 million in losses from victims involving cryptocurrency. By 2021, the value of cryptocurrency-related losses ballooned to $40 million.
FBI advice for protecting yourself includes:
- Use two-factor authentication to verify requests for changes in account information.
- Ensure the URL in emails is associated with the business or individual it claims to be from.
- Be alert to fake hyperlinks that may contain misspellings of the actual domain name.
- Avoid supplying login credentials or personal information via email.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
- Ensure the settings in employees’ computers allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities.
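
The sender-address and misspelled-hyperlink checks in the list above can be automated at a mail gateway or in a triage script. The following is an added example, not part of the FBI or ZDNet material: the trusted domain, the sample message and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-supplier.com"}  # assumption: domains you really do business with

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    if any(edit_distance(domain, t) <= 2 for t in trusted):
        return "lookalike"  # close to, but not, a trusted domain
    return "unknown"

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def review(raw):
    """Classify the From domain and every link target (href, not the visible text)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = [("From", sender, classify(sender))]
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        host = urlsplit(href).hostname or ""
        findings.append(("link", host, classify(host)))
    return findings

# Constructed sample: the visible link text shows the real domain, the href does not.
SAMPLE = """From: "Example Supplier Billing" <billing@examp1e-supplier.com>
Content-Type: text/html

<p>New bank details: <a href="https://example-suppiler.com/invoice">https://example-supplier.com/invoice</a></p>
"""
```

Anything classified as `lookalike` is a candidate for quarantine or for out-of-band confirmation with the supplier before any payment details are changed.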