As hard as it may be for the previous generation to remember and the current generation to imagine, once upon a time invoices were typed out or even written by hand and then mailed by merchants to customers. In response, customers wrote out checks or paid their banks to issue a cashier’s check, which they then mailed back to their suppliers. That was the process for everyone, from individuals to large corporations. Sounds rather primitive today, but back then there simply was no alternative to the postage stamp.
Computerization, automation, PayPal, smartphone apps, electronic payments, and email have rendered all that a thing of the past. And in so doing they created a niche for scammers that became known as business email compromise (BEC) scams. BEC scams have grown exponentially over the years and are now regarded as something of a plague. One of the reasons why is that they’re relatively simple to initiate, they require very few advanced skills to operate and they can be hard to spot.
How Does a BEC Scam Work?
The scammer first does as much research as possible on two target companies: the prospective merchant and the prospective customer. That’s not particularly difficult to do. Sales of equipment by manufacturers to large corporations, for example, are often reported in the press. If a small local merchant is targeted, the scammer can simply visit in person and see what’s now being installed or what’s new on the shelf. But even that may be beyond what’s necessary. Every business buys computers, installs Windows, requires telephones and a PBX, fax machines, routers, and plenty of other communications equipment. Supermarkets require shopping carts. Oil refineries require pipes. Airlines require jet fuel. When such commodities are bought in bulk, a legitimate invoice can amount to tens of thousands of dollars.
Sophisticated scammers employ malware to hack into the computer networks of billing departments in order to obtain lists of real customers. Those who don’t have access to such advanced technology can always call the targeted victim, introduce themselves as a supplier and ask who the invoice should be sent to.
Once that minimal amount of information has been harvested the scammer will spoof an email invoice from the targeted merchant and send it to the targeted customer. But payment is requested electronically to an account controlled by the scammer, not the supplier being spoofed. To lend an aura of legitimacy, the fake invoice may be accompanied by a forged email to the corporate official who must approve it sent in the name of a real contact. Even if, say, one out of every 10 spoofed invoices are paid, that’s big money.
How Big a Problem Is It?
Statistics compiled by the Federal Bureau of Investigation (FBI), BEC scams targeting U.S. businesses netted $675 million in 2017. In 2018 losses reached an estimated $1.2 billion. But BEC, of course, is an international problem that can strike anywhere. Worldwide loses may now be somewhere between $3 to $5 billion.
And this sum is expected to continue to rise. That is because BEC scams can be difficult to detect at first since the emails that deliver the phony invoices tend to come from (compromised) legitimate accounts, which victims tend to trust.
If you think you’ve been the victim of a BEC scam, contact the fund recovery experts at MyChargeBack.