Business email compromise, or BEC, is a fast-growing type of phishing scam in which fraudsters impersonate company owners, executives or trusted vendors to deceive employees of the firm into transferring money or turning over confidential data. It also goes by “CEO fraud,” “W-2 phishing,” “business email spoofing” and “email account compromise” (the last strictly describes the case where the fraudster has taken over a real mailbox rather than faking one). The con comes in two basic varieties:
- An employee with access to company accounts receives an urgent email request, ostensibly from a top executive, to wire a large sum of money for what sounds like a legitimate purpose, such as an acquisition or vendor payment. The message includes routing data for a bank account that’s actually controlled by the fraudsters, often at a foreign bank. In a variation on this scam, the email supposedly comes from a vendor looking to change its payment account.
- The bogus executive emails someone in the payroll or human resources office seeking a list of employees and copies of their W-2 forms. That potentially puts a wealth of workers’ personal and financial information — Social Security numbers, home addresses, wages and tax withholding — into scammers’ hands, setting the stage for large-scale tax ID fraud and other forms of identity theft.
Law enforcement has linked BEC to international organized crime groups, often based in Nigeria. The scam relies on spoofing (forging sender names and addresses and fabricating business documents so fake emails look convincing) and spear phishing (researching a specific target so the request is tailored to that person and the business). Scammers might also use malware or stolen passwords to get into a company’s network or email accounts and read exchanges about financial matters, which lets them time the fake request and copy the real parties’ wording.
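The three telltales above (a real executive’s name on an outside address, a sender domain that imitates the company’s, and an urgent wire or W-2 request) can be checked mechanically before a message reaches the mailbox. The script below is an added example written for this page, not code from any vendor or law-enforcement source; the company domain `example.com`, the executive directory and the three sample messages are all constructed for the demonstration, and the lure patterns are a starting list rather than a complete one.

```python
"""Heuristic BEC triage for inbound mail (added example, constructed data).

Checks each message for: an executive display name on a non-corporate address,
a sender domain that imitates the company's, a Reply-To pointing elsewhere,
and wire-transfer / W-2 lure wording. Real deployments would also verify
SPF/DKIM/DMARC results; those headers are omitted here to keep it offline."""
import re
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"  # assumed company domain
# Assumed executive directory: lower-cased display name -> legitimate address.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
# Assumed lure wording; extend from real incident mail.
LURE_PATTERNS = [
    r"\bwire\b", r"\burgent\b", r"\bw-?2s?\b",
    r"\bnew (?:bank|account) details\b", r"\bchange (?:of|our) (?:bank|payment) (?:account|details)\b",
]
# Digits and letter pairs commonly swapped in for look-alike domains.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _normalize(domain):
    return domain.lower().translate(_HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def _edit_distance(a, b):
    """Plain Levenshtein distance; domains are short so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, target=CORP_DOMAIN):
    """True if `domain` imitates `target` by homoglyphs, a typo or embedding."""
    if not domain or domain == target:
        return False
    if _normalize(domain) == _normalize(target):
        return True  # examp1e.com, exarnple.com
    if _edit_distance(_normalize(domain), _normalize(target)) <= 2:
        return True  # exmaple.com, examples.com
    return target.rsplit(".", 1)[0] in domain  # example.com-billing.net


def triage(raw_message):
    """Return the From address, the list of triggered flags and a verdict."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(addr)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()

    flags = []
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append("display_name_impersonation")  # CEO's name, stranger's mailbox
    if from_domain != CORP_DOMAIN and is_lookalike(from_domain):
        flags.append("lookalike_domain")
    if reply_to and _domain(reply_to) != from_domain:
        flags.append("reply_to_mismatch")  # replies routed to the fraudster
    if any(re.search(p, text) for p in LURE_PATTERNS):
        flags.append("payment_or_w2_lure")
    verdict = "hold_for_review" if "display_name_impersonation" in flags or len(flags) >= 2 else "deliver"
    return {"from": addr, "flags": flags, "verdict": verdict}


# Constructed sample messages (not real mail).
SAMPLE_CEO_FRAUD = """\
From: Jane Doe <jane.doe.ceo@gmail.com>
Reply-To: ceo-office@outlook.com
To: ap@example.com
Subject: Urgent wire needed today

I'm in meetings all day. Please wire $48,500 to the vendor account below
for the acquisition deposit and confirm once sent.
"""
SAMPLE_W2_LOOKALIKE = """\
From: Finance Team <payroll@examp1e.com>
To: hr@example.com
Subject: W-2 request

Please send me copies of all employee W-2s for the audit this afternoon.
"""
SAMPLE_INTERNAL = """\
From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Board lunch

Can we grab lunch Friday to go over the agenda?
"""

if __name__ == "__main__":
    for sample in (SAMPLE_CEO_FRAUD, SAMPLE_W2_LOOKALIKE, SAMPLE_INTERNAL):
        print(triage(sample))
```

The verdict rule is deliberately conservative: a single matching executive name on an outside address is enough to hold a message, while any other lone signal only becomes actionable in combination, since a legitimate vendor may well use a Reply-To or ask about an invoice. The hold should land with someone who calls the executive or vendor back on a known number; the checks above reduce noise but do not replace that out-of-band confirmation.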
This form of fraud can pay off: Victims of BEC scams reported nearly $1.87 billion in losses to the FBI's Internet Crime Complaint Center (IC3) in 2020 — about 45 percent of all cybercrime losses logged by the bureau that year and a 44 percent increase from just two years earlier.
The FBI says criminals are increasingly using identities harvested in other scams to create bank accounts to receive stolen BEC funds and convert them to cryptocurrency. They are also using the COVID-19 pandemic to perpetrate new spins on the scam — impersonating lenders supposedly following up on Paycheck Protection Program loans, for example, or infiltrating audio and video meeting platforms to deceive remote workers.