Business email compromise (BEC) incidents are on the rise. BEC is a sophisticated fraud scheme that targets businesses using wire transfers as a payment method, resulting in approximately $8 million and rising in global daily losses. Cybercriminals identify organizations, often AEC firms, and initiate a grooming process.
Cybercriminals use numerous communication methods, including phone calls, emails, and texts. If you, as the victim, are convinced that this is a legitimate business transaction, you follow the wiring instructions and send the funds to the new account.
Phishing involves sending fraudulent communications that appear to come from a reputable source, intending to steal sensitive data or deliver malware. It’s one of the most common methods used to target AEC professionals.
There are various types of phishing attacks: email, voicemail, and smishing (text-based), with 90% occurring via email. Attackers use these methods to deceive individuals into giving up sensitive information or taking malicious actions. The impact on a firm can include:
- Financial losses
- Unauthorized access to sensitive project or client data.
- Disruptions to operations.
Watch for red flags in all your emails, regardless of organizational or personal information threats. Cybercriminals often cast a wide net — they are looking to steal information, infect your machine with malware, or find ways to make money by selling your information on the dark web.