Analyzes business email compromise (BEC) scams where attackers impersonate executives or vendors to trick employees into transferring funds or sharing sensitive data. Covers detection methods, employee training approaches, and technical controls to prevent BEC attacks.
posts
In January 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million to criminals after a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The entire operation was coordinated by
Earlier this year, security researchers documented a surge in phishing campaigns that abuse legitimate DocuSign and PayPal infrastructure to deliver convincing attack emails. The twist? These messages aren't spoofed — they're actually sent through real PayPal and DocuSign servers. That's why PayPal DocuSign phishing attacks
In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the
In January 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call that started with a single phishing email. The attackers spoofed the company's CFO — and the employee never questioned it. That wire transfer began
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise accounted for $2.9 billion in adjusted losses — making it the single costliest category of cybercrime they track. Not ransomware. Not credit card fraud. Email scams where someone pretends to be your CEO, your vendor,
The $47 Million Email That Fooled a Fortune 500 CFO In 2016, an Austrian aerospace company called FACC lost €42 million (roughly $47 million USD) because a threat actor impersonated the CEO in an email to the finance department. The message requested an urgent wire transfer for a fake acquisition
In May 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — caused adjusted losses exceeding $2.7 billion in 2022 alone. That made it the single most financially devastating cybercrime category the FBI tracks. Not ransomware.
In January 2022, a European subsidiary of the Japanese manufacturer Nikkei lost $29 million after a single employee followed wire transfer instructions from a fraudulent email that impersonated a senior executive. That wasn't a failure of firewalls or endpoint detection. It was a surgical, well-researched executive phishing attack
In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — attacks built on a single convincing fake email — caused $2.4 billion in adjusted losses in 2021 alone. That made it the most financially devastating cybercrime category in the entire FBI IC3 annual report.
The $2.4 Billion Problem Sitting in Your Inbox In 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a category driven almost entirely by fake emails — accounted for nearly $2.4 billion in adjusted losses. That made it the single costliest cybercrime type reported.
