{"id":17647,"date":"2024-03-20T11:28:00","date_gmt":"2024-03-20T15:28:00","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=17647"},"modified":"2024-03-28T13:28:55","modified_gmt":"2024-03-28T17:28:55","slug":"business-email-compromise-statistics","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/business-email-compromise-statistics\/","title":{"rendered":"A Look at U.S. Business Email Compromise Statistics (2024)"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-data-from-the-fbi-internet-crime-complaint-center-ic3-indicates-that-reported-business-email-compromise-scam-losses-are-up-nearly-58-since-2020-see-where-your-state-stands-regarding-the-costs-of-these-email-channel-scams\">Data from the FBI Internet Crime Complaint Center (IC3) indicates that reported business email compromise scam losses are up nearly 58% since 2020. See where your state stands regarding the costs of these email channel scams&#8230;<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/www.thesslstore.com\/blog\/how-to-spot-protect-against-business-email-compromise-bec-attacks\/\">business email compromise (BEC) attack<\/a> will turn your average day into a scorching dumpster fire. BEC is a devastating technique that can result in everything from system compromises and data breaches to financial losses and reputational ruination.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For this report, we\u2019re focusing on the financial consequences \u2014 i.e., reported financial losses \u2014 this type of attack creates for businesses and individuals in the United States. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Explore the latest business email compromise statistics data from the FBI\u2019s Internet Crime Complaint Center (IC3). The <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2023_IC3Report.pdf\">Internet Crime Report 2023<\/a> includes BEC statistics from 2023 and comparison data looking back over the last five years.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-a-quick-review-of-what-business-email-compromise-scams-entail\">A Quick Review of What Business Email Compromise Scams Entail<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"396\" height=\"547\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/business-email-account-compromise-statistics.png\" alt=\"A business email compromise statistics graphic for 2023 that illustrates the concept of more than $2.9 billion dollars being lost to business email compromise attackers in that year.\" class=\"wp-image-17651\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/business-email-account-compromise-statistics.png 396w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/business-email-account-compromise-statistics-217x300.png 217w\" sizes=\"auto, (max-width: 396px) 100vw, 396px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: FBI IC3&#8217;s Internet Crime Report 2023.<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The FBI categorizes business email compromise attacks as email-based defrauding scams that:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>target individuals and businesses alike, and<\/li>\n\n\n\n<li>typically involve using either compromised email accounts or closely spoofed accounts.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In many cases, bad guys use this approach to request fraudulent fund transfers. However, other BEC scenarios involve bad guys requesting fraudulent bank account changes and trying to get their hands on sensitive data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cBut wait,\u201d you may say, \u201cI thought that email account compromise (EAC) attacks are those that involve bad guys taking over legitimate email accounts. Isn&#8217;t that the case?\u201d <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Yes, you would be right. However, BEC scams also typically involve bad guys compromising legitimate email accounts (often by using social engineering) to get the targets to do their bidding. And since there\u2019s so much overlap between the two terms, the FBI tends to <a href=\"https:\/\/www.fbi.gov\/how-we-can-help-you\/scams-and-safety\/common-scams-and-crimes\/business-email-compromise\">lump BEC and EAC incidents together into the same category<\/a>, using the terms synonymously.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Business email compromise attacks, totaling $2,946,830,270 in reported losses in 2023 alone, represent the second-costliest category of reported cyber crimes for the year. BEC attacks follow only investment scams in the year\u2019s rankings, which jumped 38% to top $4.57 billion in reported losses in 2023.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-a-five-year-comparison-of-bec-losses-2019-2023\">A Five-Year Comparison of BEC Losses (2019-2023)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Before diving into individual states\u2019 data, let\u2019s first look at the generally upward trend regarding business email compromise scams that have been reported to the IC3 and other law enforcement agencies over the past five years.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td><strong>2023<\/strong><\/td><td><strong>2022<\/strong><\/td><td><strong>2021<\/strong><\/td><td><strong>2020<\/strong><\/td><td><strong>2019<\/strong><\/td><\/tr><tr><td>BEC Losses By Victims<\/td><td>$2,946,830,270<\/td><td>$2,742,354,049<\/td><td>$2,395,953,296<\/td><td>$1,866,642,107<\/td><td>$1,776,549,688<\/td><\/tr><tr><td># of Complaints By Victims<\/td><td>21,489<\/td><td>21,832<\/td><td>19,954<\/td><td>19,369<\/td><td>23,775<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\"><em>Data source: FBI IC3 Internet Crime Report (<a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2021_IC3Report.pdf\">2021<\/a>, <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2022_IC3Report.pdf\">2022<\/a>, and 2023).<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Keep in mind that <strong>these numbers reflect only <em>reported losses.<\/em><\/strong> This is important to recognize because the FBI says that cyber crimes are largely underreported. Furthermore, the data also includes reported incidents from the American public who reside outside the U.S. and its territories as well.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Business email compromise complaint losses have increased by more than 65% since 2019. However, individual complaint reports have decreased by more than 9% in that same period. This means that the average cost per complaint has increased from $74,723 in 2019 to $137,132.03 in 2023.&nbsp; So, fewer people and organizations are being scammed out of larger amounts per incident.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-business-email-compromise-complaints-by-state-plus-washington-d-c-in-2023\">Business Email Compromise Complaints By State (Plus Washington D.C.) in 2023<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Alright, you\u2019ve waited long enough \u2014 it\u2019s time to dive into the individual states\u2019 data. For this section, we have three bits of data:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Total Reported Losses:<\/strong> This category refers to the total amount of reported financial losses by victims in either 2022 or 2023.<\/li>\n\n\n\n<li><strong>Number of Victims:<\/strong> This number refers to the individual complainants who reported losses due to BEC attacks.<\/li>\n\n\n\n<li><strong>Average Loss Per Victim:<\/strong> This refers to the average financial losses sustained by complainants who were victimized in BEC scams.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The business email compromise statistics included in this report were calculated based on data published in the FBI IC3\u2019s 2021, 2022, and 2023 Internet Crime Reports. We also used the <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2023State\/StateReport.aspx\">FBI IC3\u2019s State Report tool<\/a>, which breaks down all types of reported crime typos data by state.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td><strong>Total Reported Losses (2023)<\/strong><\/td><td><strong>Number of Victims (2023)<\/strong><\/td><td><strong>Average Losses Per Victim (2023)<\/strong><\/td><td><strong>Total Reported Losses (2022)<\/strong><\/td><td><strong>YOY Changes in Total Reported Losses (%)<\/strong><\/td><\/tr><tr><td>Alabama<\/td><td>$26,955,606<\/td><td>195<\/td><td>$138,233.87<\/td><td>$19,629,224<\/td><td>+37%<\/td><\/tr><tr><td>Alaska<\/td><td>$12,236,756<\/td><td>67<\/td><td>$182,638.15<\/td><td>$2,987,862<\/td><td>+310%<\/td><\/tr><tr><td>Arizona<\/td><td>$76,850,493<\/td><td>545<\/td><td>$141,010.08<\/td><td>$48,491,959<\/td><td>+59%<\/td><\/tr><tr><td>Arkansas<\/td><td>$15,284,456<\/td><td>128<\/td><td>$119,409.81<\/td><td>$22,788,271<\/td><td>-33%<\/td><\/tr><tr><td>California<\/td><td>$412,112,793<\/td><td>3,161<\/td><td>$130,374.18<\/td><td>$439,425,357<\/td><td>-6%<\/td><\/tr><tr><td>Colorado<\/td><td>$57,512,670<\/td><td>495<\/td><td>$116.187.21<\/td><td>$53,961,108<\/td><td>+7%<\/td><\/tr><tr><td>Connecticut<\/td><td>$38,103,346<\/td><td>276<\/td><td>$138,055.60<\/td><td>$35,746,379<\/td><td>+7%<\/td><\/tr><tr><td>Delaware<\/td><td>$9,618,579<\/td><td>61<\/td><td>$157,681.62<\/td><td>$8,419,097<\/td><td>+14%<\/td><\/tr><tr><td>District of Columbia<\/td><td>$18,970,376<\/td><td>149<\/td><td>$127,317.96<\/td><td>$15,279,911<\/td><td>+24%<\/td><\/tr><tr><td>Florida<\/td><td>$193,828,560<\/td><td>1,711<\/td><td>$113,283.787<\/td><td>$180,889,707<\/td><td>+7%<\/td><\/tr><tr><td>Georgia<\/td><td>$88,204,126<\/td><td>598<\/td><td>$147,498.54<\/td><td>$113,588,916<\/td><td>-22%<\/td><\/tr><tr><td>Hawaii<\/td><td>$2,841,044<\/td><td>73<\/td><td>$38,918.41<\/td><td>$4,443,071<\/td><td>-36%<\/td><\/tr><tr><td>Idaho<\/td><td>$17,412,873<\/td><td>99<\/td><td>$175,887.61<\/td><td>$12,531,126<\/td><td>+40%<\/td><\/tr><tr><td>Illinois<\/td><td>$94,174,031<\/td><td>773<\/td><td>$121,829.28<\/td><td>$83,883,493<\/td><td>+12%<\/td><\/tr><tr><td>Indiana<\/td><td>$55,751,807<\/td><td>326<\/td><td>$171,017.81<\/td><td>$22,483,945<\/td><td>+148%<\/td><\/tr><tr><td>Iowa<\/td><td>$10,906,708<\/td><td>161<\/td><td>$67,743.53<\/td><td>$16,716,697<\/td><td>-35%<\/td><\/tr><tr><td>Kansas<\/td><td>$19,761,290<\/td><td>143<\/td><td>$138,190.84<\/td><td>$21,789,894<\/td><td>-9%<\/td><\/tr><tr><td>Kentucky<\/td><td>$20,269,246<\/td><td>164<\/td><td>$123,592.96<\/td><td>$13,641,891<\/td><td>+49%<\/td><\/tr><tr><td>Louisiana<\/td><td>$17,565,708<\/td><td>167<\/td><td>$105,183.88<\/td><td>$18,467,023<\/td><td>-5%<\/td><\/tr><tr><td>Maine<\/td><td>$4,516,013<\/td><td>54<\/td><td>$83,629.87<\/td><td>$5,347,402<\/td><td>-16%<\/td><\/tr><tr><td>Maryland<\/td><td>$55,021,852<\/td><td>412<\/td><td>$133,548.18<\/td><td>$43,217,922<\/td><td>+27%<\/td><\/tr><tr><td>Massachusetts<\/td><td>$65,960,320<\/td><td>501<\/td><td>$131,657.33<\/td><td>$72,232,592<\/td><td>-9%<\/td><\/tr><tr><td>Michigan<\/td><td>$50,623,006<\/td><td>561<\/td><td>$90,237.09<\/td><td>$68,721,629<\/td><td>-26%<\/td><\/tr><tr><td>Minnesota<\/td><td>$69,732,152<\/td><td>321<\/td><td>$217,234.12<\/td><td>$24,935,817<\/td><td>+180%<\/td><\/tr><tr><td>Mississippi<\/td><td>$7,399,653<\/td><td>71<\/td><td>$104,220.46<\/td><td>$14,672,094<\/td><td>-50%<\/td><\/tr><tr><td>Missouri<\/td><td>$30,188,586<\/td><td>339<\/td><td>$89,051.88<\/td><td>$49,116,067<\/td><td>-39%<\/td><\/tr><tr><td>Montana<\/td><td>$3,891,985<\/td><td>83<\/td><td>$46,891.39<\/td><td>$7,148,037<\/td><td>-46%<\/td><\/tr><tr><td>Nebraska<\/td><td>$10,538,005<\/td><td>105<\/td><td>$100,361.95<\/td><td>$5,359,750<\/td><td>+97%<\/td><\/tr><tr><td>Nevada<\/td><td>$46,004,149<\/td><td>235<\/td><td>$195,762.34<\/td><td>$27,786,876<\/td><td>+66%<\/td><\/tr><tr><td>New Hampshire<\/td><td>$6,995,141<\/td><td>106<\/td><td>$65,991.90<\/td><td>$2,593,546<\/td><td>+170%<\/td><\/tr><tr><td>New Jersey<\/td><td>$140,070,206<\/td><td>628<\/td><td>$223,041.73<\/td><td>$62,949,746<\/td><td>+123%<\/td><\/tr><tr><td>New Mexico<\/td><td>$3,775,992<\/td><td>83<\/td><td>$45,493.88<\/td><td>$6,881,044<\/td><td>-45%<\/td><\/tr><tr><td>New York<\/td><td>$216,249,339<\/td><td>1324<\/td><td>$163,330.32<\/td><td>$216,192,152<\/td><td>+.03%<\/td><\/tr><tr><td>North Carolina<\/td><td>$69,988,104<\/td><td>596<\/td><td>$117,429.70<\/td><td>$52,718,983<\/td><td>+33%<\/td><\/tr><tr><td>North Dakota<\/td><td>$4,692,621<\/td><td>46<\/td><td>$102,013.50<\/td><td>$2,720,709<\/td><td>+72%<\/td><\/tr><tr><td>Ohio<\/td><td>$59,124,423<\/td><td>565<\/td><td>$104,645.00<\/td><td>$55,234,618<\/td><td>+7%<\/td><\/tr><tr><td>Oklahoma<\/td><td>$22,651,833<\/td><td>208<\/td><td>$108,903.03<\/td><td>$31,445,399<\/td><td>-28%<\/td><\/tr><tr><td>Oregon<\/td><td>$22,817,664<\/td><td>301<\/td><td>$75,806.19<\/td><td>$30,108,808<\/td><td>-24%<\/td><\/tr><tr><td>Pennsylvania<\/td><td>$96,052,798<\/td><td>731<\/td><td>$131,399.18<\/td><td>$92,550,017<\/td><td>+4%<\/td><\/tr><tr><td>Rhode Island<\/td><td>$14,195,616<\/td><td>62<\/td><td>$228,961.55<\/td><td>$8,992,082<\/td><td>+58%<\/td><\/tr><tr><td>South Carolina<\/td><td>$30,639,826<\/td><td>384<\/td><td>$79,791.21<\/td><td>$46,858,072<\/td><td>-35%<\/td><\/tr><tr><td>South Dakota<\/td><td>$5,142,217<\/td><td>40<\/td><td>$128,555.42<\/td><td>$2,532,512<\/td><td>+103%<\/td><\/tr><tr><td>Tennessee<\/td><td>$49,883,412<\/td><td>368<\/td><td>$135,552.75<\/td><td>$46,637,795<\/td><td>+7%<\/td><\/tr><tr><td>Texas<\/td><td>$294,849,405<\/td><td>1,917<\/td><td>$153,807.72<\/td><td>$260,206,398<\/td><td>+13%<\/td><\/tr><tr><td>Utah<\/td><td>$38,595,361<\/td><td>224<\/td><td>$171,300.72<\/td><td>$26,231,307<\/td><td>+47%<\/td><\/tr><tr><td>Vermont<\/td><td>$1,207,190<\/td><td>41<\/td><td>$29,443.66<\/td><td>$6,755,695<\/td><td>-82%<\/td><\/tr><tr><td>Virginia<\/td><td>$63,282,523<\/td><td>600<\/td><td>$105,470.87<\/td><td>$56,360,110<\/td><td>+12%<\/td><\/tr><tr><td>Washington<\/td><td>$54,603,486<\/td><td>552<\/td><td>$98,919.36<\/td><td>$43,920,897<\/td><td>+24%<\/td><\/tr><tr><td>West Virginia<\/td><td>$3,687,868<\/td><td>41<\/td><td>$89,948.00<\/td><td>$4,268,151<\/td><td>-14%<\/td><\/tr><tr><td>Wisconsin<\/td><td>$30,437,803<\/td><td>279<\/td><td>$109,096.07<\/td><td>$47,023,205<\/td><td>-35%<\/td><\/tr><tr><td>Wyoming<\/td><td>$2,302,076<\/td><td>46<\/td><td>$50,045.13<\/td><td>$2,509,854<\/td><td>-8%<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\"><em>Data caption: The average loss per victim data and year-over-year changes from 2022 to 2023 were calculated based on data shared in the FBI IC3\u2019s State Report tool data from <em><a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2022State\/StateReport.aspx#?s=34\">2022<\/a> and <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2023State\/StateReport.aspx\">2023<\/a><\/em>.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">As far as business email compromise statistics go for 2023, this brings the total to $2,763,481,093 in reported losses for 21,116 complainants in the 50 U.S. states and Washington D.C. (i.e., the District of Columbia). Again, just as a reminder, this BEC statistic doesn\u2019t include victims outside those 50 states and Washington D.C., so just keep that in mind.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Wondering which states faced the highest average reported losses by victim? Wonder no more:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"612\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses-1024x612.png\" alt=\"Business email compromise statistics 2023 graphic: A bar chart that shows the five states with the highest average individual losses from BEC scams in 2023\" class=\"wp-image-17650\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses-1024x612.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses-300x179.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses-768x459.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses-400x240.png 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses-460x276.png 460w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/bec-statistics-states-highest-reported-losses.png 1075w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: FBI IC3 Internet Crime Report 2023.<\/em><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-other-u-s-territories-also-faced-bec-scams-in-2023\">Other U.S. Territories Also Faced BEC Scams in 2023<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In its calculations, the IC3\u2019s researchers also lumped in data from several U.S. territories. The data also counts toward that overarching $2.9 billion dollars in reported losses from BEC scams in 2023:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>American Samoa: <\/strong>1 victim reported $271,000 in losses.<\/li>\n\n\n\n<li><strong>Guam: <\/strong>5 victims reported $76,567 in total losses (an average of $15,313.40 per victim)<\/li>\n\n\n\n<li><strong>Northern Mariana Islands:<\/strong> (The report shows no victims reported losses, but it was still included in the list of covered territories)<\/li>\n\n\n\n<li><strong>Puerto Rico: <\/strong>42 victims reported $4,532,407 in total losses (an average of $107,914.45 per victim)<\/li>\n\n\n\n<li><strong>U.S. Minor Outlying Islands:<\/strong> 5 victims reported $178,228 in total losses (an average of $35,645.60 per victim)<\/li>\n\n\n\n<li><strong>U.S. Virgin Islands: <\/strong>7 victims reported $2,137,025 in total losses (an average of $305,289.29 per victim)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-3-steps-to-avoid-becoming-a-business-email-compromise-scam-victim\">3 Steps to Avoid Becoming a Business Email Compromise Scam Victim<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t want your organization to be included in the IC3\u2019s future business email compromise statistics? We don\u2019t blame you \u2014 that should be every company\u2019s goal. Here are some of the ways to avoid suffering the same fate:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-educate-your-employees-to-increase-their-cyber-awareness-and-hygiene\">1. Educate Your Employees to Increase Their Cyber Awareness and Hygiene<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Virtually every organization\u2019s first line of defense is its \u201chuman firewall.\u201d If your employees fail to recognize scam tactics or don\u2019t practice good cyber security hygiene (e.g., following <a href=\"https:\/\/www.thesslstore.com\/blog\/password-security-what-your-organization-needs-to-know\/\">password security<\/a> best practices), then you\u2019re likely to find yourself making bad headlines.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Teach your employees how to recognize BEC threats and spoof messages.<\/li>\n\n\n\n<li>Remind them to scrutinize any requests to see if they make sense. (Think critically by asking questions like \u201cwho is requesting the funds?\u201d and \u201cwhy are they requesting the transfer?)<\/li>\n\n\n\n<li>Provide real-world examples of BEC and phishing emails.<\/li>\n\n\n\n<li>Implement simulated phishing and BEC attacks to gauge your employees\u2019 levels of awareness and ability to put into action what they\u2019ve learned.<\/li>\n\n\n\n<li>Instruct them on how to set up secure passwords.<\/li>\n\n\n\n<li>Provide employees with access to a password management system and instruct them on how to use it securely.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">You can use the results of simulated tests to make improvements to future training sessions and materials.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-implement-additional-layers-of-security-to-your-accounts\">2. Implement Additional Layers of Security to Your Accounts<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">There are plenty of ways to increase the security of your accounts beyond educating your employees. There are various security tools and resources you can implement:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PKI-based email authentication:<\/strong> This approach uses digital certificates (called S\/MIME certificates) and public key cryptography to add cryptographic digital signatures to your emails. As an added bonus, these certificates also enable you to send encrypted emails to other S\/MIME users who send you their public keys. (The easiest way to do this is to have them send a digitally signed email to you.)<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/products\/email-document-signing-certificates.aspx\" style=\"border-radius:3px;color:#ffffff\">Shop Email Signing Certificates<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Multi-factor authentication (MFA)<\/strong> or <a href=\"https:\/\/www.thesslstore.com\/blog\/single-sign-on\/\"><strong>single-sign on (SSO)<\/strong><\/a><strong>:<\/strong> Using one of these identity verification mechanisms makes it more challenging for bad guys to gain access to your legitimate accounts.<\/li>\n\n\n\n<li><strong>DNS records for your email domain.<\/strong> Setting up a <a href=\"https:\/\/www.thesslstore.com\/blog\/email-security-spf\/\">sender policy framework (SPF)<\/a>, <a href=\"https:\/\/www.thesslstore.com\/blog\/dkim-domainkeys-identified-mail\/\">domain keys identified mail (DKIM)<\/a>, and <a href=\"https:\/\/www.thesslstore.com\/blog\/dmarc-reporting-and-email\/\">domain message authentication reporting and conformance (DMARC)<\/a> records can help prevent unauthorized users from sending messages from your domain. It also gives servers reporting instructions regarding fraudulent messages they receive so you\u2019re aware of potentially malicious activities from your domain.<\/li>\n\n\n\n<li><strong>Use verified mark certificates to brand your mail.<\/strong> Together, VMCs and brand indicators for message identification (BIMI) enable you to display your verified brand logo in recipients\u2019 inboxes so there\u2019s no question about whether your emails are authentic.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/digicert\/verified-mark-certificate.aspx\" style=\"border-radius:3px;color:#ffffff\">Shop Verified Mark Certificates<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can also use log- and network-monitoring tools to keep an eye on your traffic and what IP addresses people are using to sign into your organization\u2019s accounts.<\/p>\n\n\n\n<div class=\"wp-block-advanced-gutenberg-blocks-notice is-variation-info has-icon\" data-type=\"info\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><circle cx=\"12\" cy=\"12\" r=\"10\"><\/circle><line x1=\"12\" y1=\"16\" x2=\"12\" y2=\"12\"><\/line><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"8\"><\/line><\/svg><p class=\"wp-block-advanced-gutenberg-blocks-notice__title\">Wondering How to Secure Your Email Servers?<\/p><p class=\"wp-block-advanced-gutenberg-blocks-notice__content\"><strong>Related Resource:<\/strong> <a href=\"https:\/\/www.thesslstore.com\/blog\/10-email-server-security-best-practices-to-secure-your-email-server\/\">10 Email Server Security Best Practices to Secure Your Email Server<\/a><\/p><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-implement-enforce-request-verification-procedures\">3. Implement &amp; Enforce Request Verification Procedures<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Create documented procedures that employees must follow before they can transfer funds or respond to requests for sensitive information. A few examples of what some of these processes may look like include the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Verify the emailer\u2019s identity via an official channel.<\/strong> Teach employees to call the alleged employee or vendor who reached out using an official company telephone number. If the supposed caller works in the same building, instruct employees to go speak with the person face to face. Either method is a way to verify the person is authentic and not an imposter. <em><strong>Never<\/strong><\/em> use a phone number or email address provided by the person who reached out to you. &nbsp;<\/li>\n\n\n\n<li><strong>Requiring employees to verify the request using a call-back method.<\/strong> Instruct employees to get authorization for any wire transfers, gift card purchases, or requests for sensitive data. Set up a specific internal phone number for employees to call for authorization.<\/li>\n\n\n\n<li><strong>Teach employees to ask questions when receiving phone or video calls. <\/strong>We\u2019ve talked about the <a href=\"https:\/\/www.thesslstore.com\/blog\/dangers-of-generative-ai-whats-being-done-to-address-them\/\">dangers of generative AI technologies<\/a> and how <a href=\"https:\/\/www.thesslstore.com\/blog\/dangers-of-generative-ai-whats-being-done-to-address-them\/\">bad guys are video and audio deepfakes<\/a> to carry out fraudulent wire transfer requests. Some threat actors use emails to request phone calls or video meetings where they use AI deepfakes. One way to help avoid falling for these scams is to ask questions to see if the caller responds. If they ignore your inquiries or talk over you without any acknowledgment that you\u2019ve said something, that\u2019s a big red flag.<\/li>\n<\/ul>\n\n\n<span style=\"--tl-form-height-m:801.312px;--tl-form-height-t:638.344px;--tl-form-height-d:638.344px;\" class=\"tl-placeholder-f-type-shortcode_12763 tl-preload-form\"><span><\/span><\/span>","protected":false},"excerpt":{"rendered":"<p>Data from the FBI Internet Crime Complaint Center (IC3) indicates that reported business email compromise scam losses are up nearly 58% since 2020. See where your state stands regarding the&#8230;<\/p>\n","protected":false},"author":17,"featured_media":17649,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16,10200],"tags":[13271,13163,10083],"class_list":["post-17647","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","category-monthly-digest","tag-bec-statistics","tag-business-email-compromise","tag-statistics","post-with-tags"],"views":16175,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/03\/business-email-compromise-statisics-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=17647"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17647\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/17649"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=17647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=17647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=17647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}