KnowBe4 Warns U.S. of Business Email Compromise Scam


KnowBe4 says social engineering via email a greater threat to businesses than ransomware


KnowBe4 issued an alert to warn about a growing scam that even surpasses the monetary damage of ransomware. Since late 2013, the FBI has compiled statistics on more than 7,000 US companies that have been victimized to the tune of $740 million in losses. According to the IC3, there has been a massive spike in victims and cash losses caused by a skyrocketing scam in which cyber criminals spoof emails from C-level executives at a victim organization in a bid to execute unauthorized international wire transfers.

In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of 179 million in business e-mail compromise (BEC) scams (also known as “CEO fraud”). The updated figures show an incredible 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than 1.2 billion dollars.

KnowBe4 CEO Stu Sjouwerman said, “This scam is worse than ransomware. The average ransom of files being held hostage is about $500 whereas the FBI numbers indicate the average loss for a BEC is a whopping $100,000. A business falling for a social engineering scam such as an email compromise can have devastating effects. You don’t want to be the next Ubiquiti.”

Tech firm Ubiquiti disclosed in a quarterly financial report filed with the SEC that it suffered a whopping 46.7 million hit because of a BEC scam.

Sjouwerman noted: “There is a clear pattern to watch out for. It often begins with the scammers phishing an executive, dropping a Trojan, and gaining 24/7 access to that individual’s inbox. Then the scammers research the organization and monitor the email account for months until the right circumstances arrive, then they pounce. They spoof the CEO’s address and send messages to employees in accounting from a look-alike domain name that is one or two letters off from the target company’s true domain name.”

Sjouwerman continued: “We have noticed that this scam is filtering down to the consumer level. People that are in the process of buying a house and need to transfer a sizable down payment are receiving an email from their lawyer or realtor to transfer that down payment to a certain bank account. When they call the next day to check if the money has arrived, the lawyer tells them they did not send any transfer requests, but the money has disappeared in the meantime. The same scam is done with spoofed emails from financial brokers.”

The FBI issued an additional alert about Email Account Compromise (EAC) targeting the general public on August 27th, 2015, noting almost $700,000 in reported losses from 21 complaints filed between April 1, 2015 and June 30, 2015.

Sjouwerman suggests:

1. “Alert employees, from the board level down to the mail room. These scams are getting more sophisticated by the month so be on the lookout.
2. Grab a copy of KnowBe4’s Social Engineering Red Flags fact sheet, print and laminate it, and give it to everyone.
3. Have a dual-step process in place for bank wires, always verified by phone with trusted parties. ALWAYS, ALWAYS, ALWAYS initiate contact with the other party by phone and verify that the transfer instructions are correct before you transfer the money.”

Stepping employees through effective security awareness training to prevent social engineering attacks like BEC or Email Account Compromise is an important and urgent initiative for any organization.

For more information visit:

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. KnowBe4 services 1500 organizations in a variety of industries, including highly regulated fields such as healthcare, finance, energy, government and insurance, and is experiencing explosive yearly growth of 300%. Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”

About Kevin Mitnick
Kevin Mitnick, ‘the World’s Most Famous Hacker’, is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecom devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and keynote speaker and has authored four books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC as its Chief Hacking Officer.

Contact Author

Kathy Wattman
KnowBe4, LLC
+1 (727) 474-9950