By Alber Laino, Solution Consultant Team Lead, Bottomline
Business Email Compromise (BEC) fraud is a significant threat to organizations worldwide. This sophisticated form of social engineering involves bad actors impersonating company executives or trusted business partners to deceive employees into transferring money or sensitive information. This type of fraud can be used to facilitate account takeover (ATO) and authorized push payment (APP) fraud schemes, among other types of payment fraud.
BEC fraud typically starts with an innocuous-looking email. For example, in a CEO scam, an employee might receive an email that appears to be from their CEO or another high-ranking executive. The email urgently requests a wire transfer for what is claimed to be a confidential business matter. The urgency and the apparent authority of the request pressure the employee to act quickly, bypassing normal verification processes.
This tactic is alarmingly effective. According to the Federal Bureau of Investigation (FBI), losses from BEC fraud surpassed $43 billion globally between 2016 and 2021, and the numbers continue to rise. In 2022, 27% of all cybercrime-related financial losses reported by businesses were due to BEC, a figure approximately 80 times greater than losses to ransomware, which often garners more headlines.¹
Detecting BEC fraud early is crucial for protecting business assets. Employees should be trained to recognize the following red flags:
Implementing robust business email compromise detection protocols is essential to identifying these red flags before any damage is done. Employee education is always the first line of defense: employees should be trained to scrutinize all emails that involve financial transactions or data disclosure, and to verify any unusual requests or changes in payment details directly through known telephone numbers or face-to-face conversations.
Additionally, businesses should implement advanced email security solutions that include spam filters, domain authentication, and intrusion detection systems to prevent phishing emails from reaching end users.
Business Email Compromise (BEC) fraud is a formidable challenge, but with the right strategies, businesses can protect themselves from significant financial losses. Recognizing the signs of BEC fraud, educating employees, implementing advanced security technologies, and enforcing robust internal controls are all critical steps in fortifying defenses and upholding the integrity of financial operations in the face of evolving digital threats.
When fortifying security against BEC fraud, Network Analytics that identify relationships and interactions between entities can quickly bring a BEC scheme to the surface, and Alert Management establishes workflows that can analyze threats and user activity in real time, giving you a chance to proactively monitor for BEC threats.