by Avi Gesser, Clara Y. Kim, and Thomas Harris-Warrick (The Crypsis Group)
We first wrote about Business Email Compromise (“BEC”) scams in 2015. Over the last four years, these attacks have continued unabated. According to the FBI (PDF: 1.77 MB), in just the last year alone, there were over 20,000 reported BEC scams, with adjusted losses of over $1.2 billion. One reason this threat persists is that cybercriminals have used increasingly sophisticated methods to trick companies into wiring money to them instead of the legitimate payee.
Indeed, in a twist on traditional BEC scams, a fraudster recently used an AI-based software to mimic the voice of a CEO on the phone, successfully tricking another executive into sending money to a supplier. The AI was sophisticated enough that it was able to recreate the slight German accent of the CEO such that the executive thought he recognized his CEO’s voice. With the rise of AI and deepfakes, BEC scams may get harder to detect, so it is worth revisiting the measures companies should consider employing to reduce those risks. Continue reading