Corporates Brace For BEC Scam Ramp-Up

Cybersecurity experts are warning that the next year, and beyond, will continue to present an elevated threat level to businesses at risk of payments fraud — and governments are taking steps to react accordingly.

In Ireland, police are sounding the alarm on the threat of B2B payments fraud after multiple businesses lost hundreds of thousands of dollars to business email compromise (BEC) scams.

Meanwhile, in the U.K., consumer advocates are raising concerns that an existing, voluntary code in the banking sector is set to see its compensation fund expire at the end of the year, leaving fraud victims unprotected and without a way to recoup losses.

In the U.S., cybersecurity technology companies are taking measures to raise awareness and combat corporate payment fraud risks.

Below, PYMNTS breaks down the data behind the latest news in corporate payments fraud.

The next 12-18 months will see a rise in vendor email compromise (VEC) risk, according to Crane Hassold, Agari Cyber Intelligence Division’s head of threat research. Hassold provided a public comment on the vendor email compromise scam. Unlike the BEC, the VEC scam involves a cybercriminal infiltrating a vendor’s email account to send a request for payment (whereas the BEC scam often involves fake, although similar, email addresses and messages).

About 50 percent of corporate fraud attempts involve bank deposit scams, according to corporate payment fraud technology firm SIS-id. The company recently announced a partnership with Tradeshift to integrate its fraud protection into the supply chain payments platform. Their collaboration aims to reduce the time it takes for professionals to manually analyze transaction information and detect potentially fraudulent payments, particularly targeting the threat of fraudsters tricking accounts payable (AP) teams into making payments into fraudulent suppliers’ accounts.

More than 1 million British pounds is currently lost to financial scams in the U.K., according to recent reports from The Guardian. With a government scheme that aims to compensate victims of bank transfer scams slated to end this year, reports are warning that fraud victims will be left unprotected in 2020 — a scenario consumer protection group Which? explained means “a return to the dark days of blameless victims losing their life savings to this devastating crime.” The government and financial services sector are now exploring how to address the issue after payment group Pay.UK rejected a proposal that would have imposed a levy on banks to contribute to a collective fund for fraud victim compensation.

$500,000 in losses were reported from one Irish company, reports in TheJournal.ie said last week, noting that Ireland’s gardaí have issued warnings to businesses over the threat of the BEC scam. In addition to one company’s $500,000 in losses, reports said another business lost more than 200,000 euros to the scam. “Trust no email full stop,” is the advice that gardaí are giving to Irish small businesses.

$8.5 million was stolen in an embezzlement scheme at construction company Marco Contractors, according to Pittsburgh Post-Gazette reports. The former controller at the firm, Sue O’Neill, reportedly admitted to the fraud in federal court last week, a scam she said involved manipulation of the firm’s payroll processes as well as accounts payable (AP). Reports noted that O’Neill allegedly issued payroll checks deposited directly into a separate company account, while also initiating wire transfers and writing company checks made payable to that company, subsequently manipulating AP records to suggest they were legitimate vendor payments.