Analyzes business email compromise (BEC) scams where attackers impersonate executives or vendors to trick employees into transferring funds or sharing sensitive data. Covers detection methods, employee training approaches, and technical controls to prevent BEC attacks.
posts
A Single Email Cost This Company $47 Million In 2015, Ubiquiti Networks disclosed that attackers impersonating company executives tricked finance employees into wiring $46.7 million to overseas accounts controlled by threat actors. No malware. No zero-day exploit. Just a carefully crafted CEO fraud email scam that exploited trust, urgency,
The CEO Who Wired $47 Million to a Threat Actor In 2016, Austrian aerospace manufacturer FACC fired its CEO after the company lost €42 million (roughly $47 million) in a business email compromise attack. A threat actor impersonated the CEO via email and convinced a finance employee to wire funds
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated category of fake email — caused adjusted losses exceeding $2.9 billion in a single year. That wasn't from exotic zero-day exploits. It was from emails that looked real but weren'
The Fake Mail That Drained $37 Million In 2024, Toyota Boshoku Corporation disclosed a business email compromise attack where a threat actor used fake mail to trick a finance executive into wiring approximately $37 million to a fraudulent bank account. The email looked legitimate. The sender address was nearly identical
A Single Fake Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center (IC3) reported that Business Email Compromise (BEC) schemes — built entirely on fake emails — accounted for over $2.9 billion in adjusted losses across the United States. That figure only captures what
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — attacks built on fakeemail addresses and spoofed sender identities — accounted for over $2.9 billion in adjusted losses. That made it the single most financially devastating cybercrime category they tracked. Not ransomware. Not cryptojacking. Fake
In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic
One Invoice, One Email, $47 Million Gone In 2024, Orion Engineering lost $47 million to a single fraudulent wire transfer. The attacker didn't hack a firewall or exploit a zero-day. They compromised a vendor's email account, inserted themselves into an ongoing invoice thread, and changed the
A Single Email Cost This Company $46.7 Million In 2015, Ubiquiti Networks disclosed that threat actors impersonated senior executives and tricked employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They didn't deploy ransomware. They sent emails — carefully
A Single Email Cost This Company $47 Million In 2015, Ubiquiti Networks disclosed that threat actors used a CEO fraud email scam to trick finance employees into wiring $46.7 million to overseas accounts controlled by attackers. The emails looked like routine requests from senior executives. No malware was involved.
