PYMNTS-MonitorEdge-May-2024

Small Businesses Increasingly Targeted by BEC Scams and Other Internet Crimes 

Criminals are using BEC scams against small businesses to steal hundred-thousand-dollar food shipments. 

They are spoofing emails and domains to impersonate employees at real firms, according to a joint Cybersecurity Advisory (CSA) issued Thursday (Dec. 15) by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI) and the U.S. Department of Agriculture (USDA). 

Having done so, the criminals then order shipments of food products, don’t pay for them, repackage them for individual sale and sell them, according to the CSA. 

In examples of recent BEC scams, criminals placed orders using email addresses and websites that closely mimicked legitimate ones, with only an extra letter, a substitute character or a different top-level domain distinguishing them from those of a legitimate company — differences that can easily be overlooked by a supplier’s staff. 

Across industries, BEC schemes cost American businesses nearly $2.4 billion and resulted in 19,954 complaints to FBI’s Internet Crime Complaint Center (IC3) in 2021, according to the most recent FBI Internet Crime Report

As PYMNTS reported at the time of the report’s release, Americans’ losses to internet crime totaled a record $6.9 billion in 2021, which was 7% higher than the year before. 

Together with BEC, these crimes include SIM swaps, employment schemes, tech support fakes, auction fraud and romance scams. 

The FBI report also showed that cybercrooks are going for lucrative targets like financial service and healthcare, they are increasingly impersonating customer support agents, and their top tactics are now spoofing (falsified emails, phone calls and forged websites) and seeking sensitive data using email and social media. 

Today, cyberattacks and hackers are increasingly targeting small and medium-sized businesses (SMBs), CNBC reported Friday (Dec. 16). 

That’s because a growing number of large businesses are investing in cybersecurity tools while many SMBs are not, according to the report. 

“So what the cybercriminals are doing is they’re pivoting, they’re evolving and targeting the soft targets, which are the small and medium businesses,” FBI Supervisory Special Agent Michael Sohn said in the report. 

Sohn suggested that SMBs follow basic password good practices, use reputable products and services, update their software, encrypt their data and back it up offline and be wary of emails that appear to be from colleagues, clients or vendors that don’t seem quite right. 

PYMNTS-MonitorEdge-May-2024