What is Business Email Compromise (BEC) Fraud?
Business Email Compromise (BEC) is a type of fraud that targets employees in a business. It involves criminals gaining unauthorized access to business email accounts to deceive employees into performing fraudulent actions they are led to believe are authorized by a manager or other person of authority. Actions include initiating unauthorized wire transfers, diverting funds, disclosing sensitive information, or making unauthorized changes to financial accounts. BEC fraud typically relies on social engineering techniques (establishing authority, urgency, and an action), computer intrusions, and impersonation tactics to manipulate employees into believing they are interacting with a legitimate sender and induce a fraudulent payment.
As BEC fraud has become increasingly prevalent and sophisticated, it poses significant challenges for organizations of all sizes in any industry. Three of the most common types of BEC Fraud are:
- CEO Fraud: In this type of BEC fraud, criminals impersonate high-level executives within an organization, such as the CEO. They target employees responsible for financial transactions and issue urgent requests for funds transfers, often under the pretense of confidential or time-sensitive matters such as an acquisition in progress.
- Invoice Fraud: In invoice fraud, fraudsters manipulate, or forge invoices sent to an organization. These fraudulent invoices may appear genuine, often containing altered bank details or payment instructions. Employees unknowingly make payments to the fraudster’s account, sometimes remaining undetected for years, resulting in financial losses.
- Attorney Impersonation: In this variant of BEC fraud, fraudsters pose as attorneys or legal representatives. They target organizations involved in high-value transactions or legal disputes, manipulating employees into transferring funds or revealing sensitive information by citing urgent legal requirements.
BEC targets employees with access to company finances who are routinely involved in transferring funds.
How can NICE Actimize Help?
NICE Actimize recognizes the complexity of combating BEC fraud and offers a range of comprehensive solutions to help organizations effectively mitigate this threat. Our approach can be broken down into three categories: detect, prevent, and mitigate.
Detect:
- BEC fraud attacks target employees with access to company finances, using methods such as social engineering and computer intrusions.
- NICE Actimize:
- Focuses on understanding the specific challenges of these events compared to other scams and differentiates the fraudster’s methods
- Identifies fraud typologies so even authorized fraud can be detected with our models
- Utilizes targeted analytics and profiling strategies
Prevent:
- Review expected customer payment patterns, corresponding vendor relationships, and customer payment history to understand normal transactions.
- NICE Actimize:
- Protects the targets who are the weakest links (employees)
- Provides controls on suspicious transactions (e.g., first time beneficiary, suspect dollar amount, etc.)
- Utilizes real-time analytics, behavioral profiling, and user-defined rules to identify risky transactions and reduce false positives
Mitigate:
Engage the operations team in a mitigation strategy with the tools and technology needed to stop BEC fraud.
- NICE Actimize:
- Routes different fraud typologies to specialized teams able to investigate and interdict the specific issue
- Uses a series of predictive features for model development, ensuring the fraud protections are never out of date
- Implements detection strategies based on advanced analytics and AI/ML
To combat Business Email Compromise (BEC) fraud that continues to pose a significant risk to organizations worldwide, NICE Actimize offers a comprehensive suite of solutions designed to detect, prevent, and mitigate the impact of BEC fraud. With NICE Actimize, organizations can enhance their defenses against BEC fraud and safeguard their financial assets and reputation.