BEC are social engineering-based scams which occur when cybercriminals gain the trust of victims and get them to make online transactions or wire transfers.
"Never accept an email for a change of details; always get verbal confirmation.” - Scott
It’s often hard for people in the businesses to tell they are not dealing with a supplier, customer or even co-worker. The transaction will often appear legitimate even to the organisation’s financial institution.
The FBI estimates worldwide losses since 2015 at $US3 billion and rising. Australia is not immune: in 2017, instances of BEC rose by an astonishing 230 per cent between the 2016 and 2017 financial years. In 2017, this amounted to losses of $A22.1 million.
Corey Scott, Managing Director of Brisbane-based tool and construction equipment provider TEN Group has experienced the impact of BEC firsthand when he was alerted to a suspect supplier payment by fraud team here at ANZ.
BEC is becoming increasingly sophisticated and experts warn businesses should consider a prevention strategy which brings together people, process and technology.
Even though the TEN payment was quickly identified as a fraud it took some time for the transaction to be reversed, pending the investigation between the two banks involved. TEN was in one way lucky: many businesses never see their money again.
"Although the transaction was eventually reversed, other impacts included delays in customer orders which our team spent a lot of time managing,” Scott says.