Business Email Compromise (BEC) is internet fraud in which a business is deceived into transferring money to a criminal’s bank account by a fake email. Criminals first hack into a network and familiarize themselves with the company’s business emails, staff directories, and payment processes. Then they send a legitimate-looking email instructing a company employee to wire a payment to the criminal’s bank account.
For the past three years, BEC has been the costliest form of internet crime. More than 19,000 BEC scams were reported to the FBI in 2020, with losses totaling approximately S1.8 billion. BEC often targets small and medium-sized businesses.
BEC scams are often carried out by organized gangs operating like businesses. According to Agari, a leader in email protection solutions, 50% of these BEC gangs operate in Nigeria, 25% in the U.S., and the rest mainly in South Africa, the UK, Canada, and UAE. The FBI works with law enforcement agencies in the U.S. and internationally to counter internet crime.
If a BEC incident is reported quickly, the payment can often be traced and recovered before it is withdrawn from the scammer’s bank account. Law enforcement can follow the money trail to identify and arrest the criminals.
Over the past two years, the Nigerian Economic and Financial Crimes Commission (EFCC) has been aggressively tracking down cybercriminals. Collaborating with law enforcement agencies in the U.S. and Europe, the EFCC has arrested hundreds of cybercriminals and confiscated millions of dollars, along with real estate, luxury cars, watches, jewelry, and other assets purchased with stolen money. The EFCC actively seeks to return the recovered funds to businesses that were victims of Business Email Compromise (BEC) scams. If the EFCC is not able to return the stolen funds to companies that were victims of BEC fraud within a certain period, the confiscated money becomes the property of the Nigerian government.