FinCEN, the Financial Crimes Enforcement Network, doesn’t publish too many alerts. In fact, for the first half of 2019, it had published only nine news items. So when it published three on a single day in July 2019 on one subject alone, it’s clear that one subject had gotten its attention.
The focus of this attention is a scheme known as business email compromise, or BEC. FinCEN reports that Suspicious Activity Reports for this area have more than doubled from about 6,000 in 2016 to more than 13,000 in 2018. All told, it is estimated that since 2016, there have been more than $9 billion in possible losses to financial institutions and their customers because of BEC.
Business email compromise is when criminals hack into an email account and then send fraudulent payment instructions to either a financial institution or a business associate of the victims. It can also involve those instances where the bad guys compromise the account of an individual, typically high net worth individuals that routinely use email to make arrangements for payments.