Analyzes business email compromise (BEC) scams where attackers impersonate executives or vendors to trick employees into transferring funds or sharing sensitive data. Covers detection methods, employee training approaches, and technical controls to prevent BEC attacks.
posts
The FakeEmail Problem Is Bigger Than You Think In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that covers most fakeemail schemes — accounted for $2.4 billion in adjusted losses in 2021 alone. That made it the single most financially damaging
A Perfectly Forged Invoice That Almost Worked Last month, a controller at a mid-sized logistics company forwarded me an email she'd almost clicked. It looked like a DocuSign envelope notification for a PayPal invoice — complete with the yellow DocuSign button, a legitimate-looking PayPal logo, and a $3,200
In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the number one reported cybercrime in 2021 — with over 323,000 victims. That's nearly 900 people per day who fell for a fraudulent email. And those are just the ones who reported
In 2021, the FBI's Internet Crime Complaint Center received 19,954 business email compromise complaints with adjusted losses of nearly $2.4 billion. That made BEC the single most financially damaging cybercrime category — beating ransomware by a factor of almost 49 to 1. And those are just the
In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — a direct descendant of spear phishing — cost organizations over $2.4 billion in 2021 alone. That number dwarfs ransomware losses. Yet most people I talk to still think phishing means a badly written email
In 2016, an employee at Austrian aerospace firm FACC wired $47 million to a bank account controlled by criminals — because an email that looked like it came from the CEO told them to. The CEO was fired. The CFO was fired. The company's stock tanked. That single email
In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — generated $1.8 billion in reported losses in 2020 alone. That made it the single most financially damaging cybercrime category in the entire IC3 report,
A Single Email Cost This Company $47 Million In 2020, the co-founder of an Australian hedge fund received what appeared to be a routine Zoom meeting invitation. He clicked it. Threat actors gained access to the fund's email system, planted fake invoices, and redirected $8.7 million in
A Single Fake Email Cost Facebook and Google $120 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, complete with forged invoices and contracts. By the time both companies
In July 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — overwhelmingly powered by spoof techniques — cost victims over $1.8 billion in 2020 alone. That made it the single most financially damaging category of cybercrime they tracked. Not ransomware. Not credential theft. Spoofing-driven impersonation.
