The Fraud Examiner

Business Email Compromise: A Scam that Could Cost Your Company
 

Ron Cresswell, J.D., CFE
Research Specialist, ACFE


Sam is the corporate controller of ABC, Inc., an online furniture retailer. As part of his job, Sam approves wire transfers to ABC’s suppliers, many of them Chinese companies. One day, Sam receives an email from ABC’s CEO. The email says that ABC just completed negotiations to buy one of its Chinese suppliers. The email tells Sam to await instructions from ABC’s accounting firm and to speak to no one else about the sale. According to the email, SEC regulations require the details of the sale to remain confidential at this point. A few hours later, Sam receives an email from ABC’s accounting firm, which instructs him to wire $500,000 to a Chinese bank immediately. Sam approves the wire transfer.

Later, Sam discovers that both emails were fraudulent, that there was no sale and that he wired $500,000 of ABC’s money directly to fraudsters. ABC was the victim of a business email compromise (BEC) scam (also known as CEO fraud).

The FBI has issued several public service announcements warning of the rapid and alarming increase in BEC scams. In the most recent public service announcement, issued on June 14, 2016, the FBI estimates that BEC scams have resulted in over $3 billion in exposed dollar loss [1] worldwide. From October 2013 to May 2016 alone, there were over 15,000 victims of BEC scams and over $1 billion in exposed dollar loss. According to the FBI, BEC scams have been reported in over 100 countries and the majority of the fraudulently transferred funds go to Chinese banks.

 

How BEC Scams Work

In the traditional BEC scam, a fraudster uses a fake email from an executive (e.g., CEO, CFO) to trick an employee into wiring funds to the fraudster. The executive’s email account may be compromised by social engineering or computer intrusion techniques (e.g., malware). Sometimes emails are spoofed by adding, removing or changing characters in the email address. For example, if a CEO’s email address is John.Smith@ABCINC.com, the fake email may come from John.Smit@ABCINC.com (the “h” in “Smith” is missing) or John.Smith@ACBINC.com (the letters “B” and “C” in “ABCINC” are transposed). This makes it difficult to spot the fake email address.


Sign In

Not a member? Click here to Join Now and access the full page.