WASHINGTON—A new report from the Securities and Exchange Commission (SEC) reveals nine public companies were swindled out of $100 million by email scams from thieves purporting to be business executives or third-party vendors.
The report focused on business email compromise (BEC) attacks, which are one of the most prevalent types of cyberfraud, as CUToday.info has reported on numerous occasions. BEC scams are used to gain access to a business email account and imitate the owner's identity in an effort to defraud a company. Data from cybersecurity firm Barracuda show that the most common BEC scam is trying to get the recipient to do a wire transfer to a bank account owned by the attacker, NAFCU said.
One of the companies in the SEC report made 14 wire payments – requested by a fake executive – over the course of several weeks and cost the company more than $45 million before it was flagged by a foreign bank. Another company paid $1.5 million in vendor invoices to the wrong banking account after receiving manipulated electronic documentation requesting a banking change, NAFCU reported in its analysis.
As these scams become more prevalent, the commission is encouraging companies to consider cyber threats when implementing internal accounting controls.