Barclays Bank has launched a new awareness-raising campaign designed to help corporates spot and prevent so-called Business Email Compromise (BEC) scams, which are growing in prevalence.
Also known as ‘whaling,’ this type of fraud typically features a scammer who spoofs the email address of a company CEO in an attempt to trick a member of the finance team into urgently transferring corporate funds to a third party bank account.
The lender’s new video is designed to encourage employees to stop and think on such occasions, scrutinize the sender’s email address more carefully and double-check with a senior colleague on any unusual requests from the ‘higher-ups.’
It suggests that there are a large number of businesses in the UK which have a healthy enough balance sheet to make payments in the tens of thousands of pounds but are not organized enough to have strict processes governing such transfers – the sweet spot for BEC fraudsters.
Some 91% of business leaders claimed last year that cybersecurity was important, but just 57% had a formal plan in place to protect the business, and only one in five held insurance against an attack, according to a Barclays/IoD poll.
Figures released by the National Fraud Intelligence Bureau last year revealed that UK businesses lost an estimated £32 million to CEO fraud between July 2015 and January 2016.
The rise in such scams doesn’t just have a financial impact on targeted organizations. In May last year Austrian aerospace manufacturer FACC sacked its CEO after a massive whaling attack which cost the company €50 million ($55.8m).
Security giant Trend Micro suggested in its 2017 predictions report, The Next Tier, that cyber-criminals would increasingly eschew ransomware for BEC attacks this year because of the bigger rewards on offer.
It claimed the average payout for a whaling scam is now $140,000, versus just one Bitcoin ($920) for ransomware.