Business email compromise
Business email compromise attacks (BEC) are a form of cyber crime which use email fraud to attack commercial, Government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. Examples of common BEC attacks include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. Often consumer privacy breaches occur as a results of a BEC attack.
Typically an attack targets specific employee roles within an organization by sending a spoof email (or series of spoof emails) which fraudulently represent a senior colleague (CEO or similar) or a trusted customer.  The email will issue instructions such as approving payments or releasing client data. The emails often use social engineering to trick the victim into making money transfers to the bank accounts of the fraudster.
The worldwide financial impact is large, with the US's FBI in 2017 reporting losses, "...now totaling over $3 billion.”
From 2016 to 2018 BEC made over $5 billion. By 2020 there are expected to be 20 billion connected IoT devices, making it easier for adversaries to successfully carry out ransomware attacks including BEC.
- Dublin Zoo lost €130,000 in a such a scam in 2017 - a total of €500,000 was taken, though most was recovered.
- Austrian aerospace firm FACC AG was defrauded of 42 million euros ($47 million) through a BEC attack in February 2016 - and subsequently fired both the CFO and CEO.
- Te Wananga o Aotearoa in New Zealand was defrauded of $120,000 (NZD).
- The New Zealand Fire Service was scammed out of $52,000 in 2015.
- Ubiquiti Networks lost $46.7 million through such a scam in 2015.
- Save the Children USA was the victim of a $1 million cyberscam in 2017.
- Australian organisations that reported BEC attacks to the The Australian Competition and Consumer Commission (ACCC) suffered approximately $2,800,000 (AUD) in financial losses for the 2018 year.
- Joan Goodchild (20 June 2018). "How to Recognize a Business Email Compromise Attack". Security Intelligence. Retrieved 11 March 2019.
- "Business E-Mail Compromise". FBI. Retrieved 20 December 2018.
- Uzialko, Adam (June 14, 2018). "19 Small Business Trends and Predictions for 2018" (PDF). Business News Daily. Retrieved February 24, 2019.
- "Austria's FACC, hit by cyber fraud, fires CEO". Reuters. 26 May 2016. Retrieved 20 December 2018.
- "Te Wananga o Aotearoa caught up in $120k financial scam". NZ Herald. Retrieved 20 December 2018.
- "Fire Service scammed out of $52,000". RNZ News. 23 December 2015. Retrieved 20 December 2018.
- Hackett, Robert (August 10, 2015). "Fraudsters duped this company into handing over $40 million". Fortune magazine. Retrieved 20 December 2018.
- Wallack, Todd (13 December 2018). "Hackers fooled Save the Children into sending $1 million to a phony account". The Boston Glob. Retrieved 20 December 2018.
- Powell, Dominic (27 November 2018). "Business loses $300,000 to 'spoofed' email scam: How to protect yourself from being impersonated". Smart Company. Retrieved 14 December 2018.