In April 2016, I highlighted insurance issues related to business enterprise compromises, or BECs. Yesterday, I had the privilege of presenting on the topic to the Central Jersey Chapter of the Institute of Internal Auditors at its Annual Fraud Conference (thanks to Frank Pina at Mercadian for the invite).
Since I last wrote about the subject, the FBI has determined that BECs, also known as CEO fraud, social engineering and spoofing, are among the most costly forms of cyber-crime. Refresher: the FBI defines a BEC as a “sophisticated scam targeting both businesses and individuals performing wire transfer payments…[that] is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer engineering techniques to conduct unauthorized transfers of funds.” Common examples of BECs are e-mails that appear to come from a CEO or CFO directing an employee to pay a fake vendor and scammers posing as title insurance representatives sending last-minute changes in wiring instructions to real estate purchasers.
Between 2013 and 2018, BECs accounted for over $12.5 billion in reported losses globally. I say reported because the FBI’s data set is limited to self-reported information received through its Internet Complaint Center, or IC3. Many victims of this type of fraud likely do not report it to the FBI for a multitude of reasons. Of these losses, there have been 41,058 incidents in the United States accounting for nearly $3 billion in losses. This figure represents more than half of fraud-related losses reported to the FBI during this -five-year period.