Infographic: FBI PSA Warns About The Rise in Business Email Compromise (BEC)

The FBI IC3’s June 2023 PSA (Alert Number 1-060923-PSA) reveals cybercrime — more specifically business email compromise (BEC) — growing in intensity. According to the report, business email compromise within real estate was at an all-time high with reported victim loss totaling nearly $446M.

Awareness is critical to fighting fraud. To help you understand the growing threat, we’ve compiled key takeaways from the report, provided a refresher on business email compromise, and included an infographic you can download and share to educate your partners and customers below.

What are the key takeaways from the FBI IC3’s June 2023 PSA?

The latest report showed a dramatic rise in scams targeting real estate in 2022. All parties — including buyers, sellers, and agents — were unfortunate victims of fraud in 2022. Here are key statistics from the report:
‍

1. There was a 72% increase in real estate BEC from 2020. The pandemic housing boom was a breeding ground for fraudsters as home prices skyrocketed and closings and communication went almost entirely virtual.

2. There were over 2,282 reported real estate BEC victims in 2022. It’s suggested that the quick rise in home costs and opportunity attracted fraudsters. Real estate professionals of all types — from title agents to attorneys — were victims of business email compromise.
   ‍

3. There was nearly $446M in victim loss due to real estate BEC. This is a record amount of fraud for the industry. Denominated in $1 bills stacked end-to-end, this would span the length of 400 football fields!

For more, review the full I-060923-PSA alert on ic3.gov.

What is business email compromise (BEC)?

Business email compromise is a sophisticated cyber attack involving the impersonation of a trusted contact.

It begins when hackers gain access to critical accounts and data via phishing. Once email accounts are compromised, fraudsters can set up automated techniques to avoid detection, impersonate the account, and manipulate the transaction to their benefit. Funds are frequently directed into cryptocurrency wallets and transferred from account to account to create a complex and nearly untraceable network of fraudulent transactions.
‍

Who is a target for business email compromise?

No one is immune to business email compromise. Business email compromise exists in all 50 states and over 177 countries. The increased reliance on virtual transactions and digital communications over the last few years has made businesses of all sizes more susceptible to fraudsters.
‍

How do criminals compromise email accounts?

Fraudsters browse publically accessible information through social media or online directory sites to learn about a victim, impersonate a key contact, and exploit their trust. And spotting their attempts is difficult. In many cases, fraudsters simply insert a hyphen or change a single letter from a trusted domain or email address. This subtle deception paired with familiar language and “urgent” requests to wire the funds is called social engineering.

It only takes one successful attempt to derail a transaction and steal funds or learn sensitive data like social security numbers, wage and tax information, or other personally identifiable information (PPI).
‍

How can I protect myself from business email compromise?

The FBI recommends a few ways to stay ahead of business email compromise and other types of cybercrime attacks.
‍

1. Stay vigilant. Fraudsters change their tactics often. It’s important to know the common signs of fraud so you don’t fall into their sophisticated social engineering traps.
2. Turn on two-factor authentication (2FA). Add an extra layer of protection to your email accounts with 2FA. This requires an additional device or app to allow you to sign in (and keep fraudsters out — even if they have your password).
3. Verify transactions. Always call and verify bank account information on the phone or in person.
4. Be wary of sending sensitive information via unsecured emails. You wouldn’t openly give your wallet to a stranger; don’t let your email communications become their criminal playground.
5. Monitor your accounts regularly. You know your accounts better than anymore. Keep an eye out for unexpected activity and report anything suspicious to your bank.
   ‍

It’s up to you to stop fraud

The June PSA represents the growing threat of business email compromise to professionals and businesses worldwide. No matter your role within your organization, it’s crucial to educate yourself to protect your transactions and customers. We hope the infographic below can help you spread awareness of the rise in real estate business email compromise (BEC).

For more on fraud protection and prevention, subscribe to our weekly newsletter The Wire. And if you or someone you know has become a victim of fraud, speak to one of our experts. We can help you recover funds or stop wire fraud from happening in the first place.
‍