Small Businesses Increasingly Targeted by BEC Scams
Criminals use BEC scams against small businesses to steal hundreds of thousands of dollars in food shipments.
They spoof emails and domains to impersonate employees at real firms, according to a joint Cyber Security Advice (CSA) issued Thursday (December 15) by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI) and the US Department of Agriculture (USDA).
After doing so, the criminals then order shipments of food products, don’t pay for them, repackage them for individual sale and sell them, according to the CSA.
In examples of recent BEC scams, criminals have placed orders using email addresses and websites that mimic legitimate addresses, with only an extra letter, wildcard character or other top-level domain distinguishing them from that of a legitimate company – differences that can easily be overlooked by a supplier’s staff.
Across industries, BEC schemes cost U.S. businesses nearly $2.4 billion and led to 19,954 complaints to the FBI’s Internet Crime Complaint Center (IC3) in 2021, according to the most recent FBI Internet Crime Report.
As PYMNTS reported at the time of the release of the report, Americans’ losses to internet crime reached a record $6.9 billion in 2021, up 7% from the year before.
Along with BEC, these crimes include SIM swapping, employment schemes, tech support fakes, auction fraud and romance scams.
The FBI report also showed that cyber crooks are going after lucrative targets like financial services and healthcare, they are increasingly impersonating customer service agents, and their top tactics are now fraud (fake emails, phone calls and fake websites) and seeking sensitive data through email and social media.
Today, cyberattacks and hackers are increasingly targeting small and medium-sized businesses (SMBs), CNBC reported Friday (Dec. 16).
That’s because a growing number of large enterprises are investing in cybersecurity tools, while many SMBs are not, according to the report.
“So what the cybercriminals do is they turn, they evolve and they target the soft targets, which are the small and medium businesses,” FBI Supervisory Special Agent Michael Sohn said in the report.
Sohn suggested that SMBs follow basic password best practices, use trusted products and services, update their software, encrypt and back up their data offline, and be wary of emails that appear to be from colleagues, clients or suppliers that aren’t quite right. doesn’t seem .
How consumers pay online with stored credentials
Convenience drives some consumers to store their payment receipts at merchants, while security concerns put other customers off. For “How We Pay Digitally: Stored Credentials Edition,” a collaboration with Amazon Web Services, PYMNTS surveyed 2,102 US consumers to analyze consumers’ dilemma and reveal how merchants can win.