How can employers help prevent Business Email Compromise?

As society increased its reliance on technology during the global pandemic, cyber criminals took advantage of this increased digital activity by going on an internet “crime spree,” according to the FBI.¹ 

• Over the last 5-years, the FBI’s Internet Crime Complaint Center (IC3) received 3.26 million cyber-related complaints, with losses of over $27.6 billion. Despite a relatively similar number of complaints over the last 3-years, victim losses attributable to internet-related scams across the globe reached new levels in 2022 totaling $10.3 billion.¹
• Business Email Compromise (BEC) scams accounted for 21,832 of these complaints and continue to cost the most — with losses of over $2.7 billion.¹

What is Business Email Compromise (BEC)? 

BEC is a scam in which the cyber-criminal compromises the email accounts of victims to send fraudulent payment instructions and/or uses email to impersonate a business executive to access employee payroll, W2 information or steal data. While criminals can target virtually any industry, the Healthcare, Education, Government and Corporate sectors are especially vulnerable to exploitations.

Here are a few actionable steps you can take as an employer to prevent your organization from being the next headline and BEC statistic:

1. Alert, educate and train your workforce on the potential threat of BEC, including preventative strategies.
2. Instruct employees on how to handle suspicious emails, especially emails with hyperlinks.
3. Direct employees to channel suspicious emails to a designated department, like IT security. 
4. Monitor employee logins and logins after hours.
5. Restrict access to sensitive information and enable multi-factor authentication.

The FBI requests BEC victims file a complaint, regardless of dollar loss or date of the incident, with the IC3.

Learn about Voya’s commitment to customer security.