A report recently released by the Securities and Exchange Commission warns public companies in several industries of the need to review existing internal accounting controls, specifically in response to cyber threats. The SEC Enforcement Division, which compiled the report, found that business email compromise (BEC), a form of phishing, accounted for $5 billion in losses for the companies investigated by the Division since 2013. In 2017 alone, $675 million in losses due to cyber fraud were recorded.
The investigation that spawned the report delved into existing accounting controls at nine entities that had been victims of phishing and contributed to the $5 billion total. Some of those surveyed had been targeted repeatedly and made multiple transfers to fraudulent accounts before the duplicity was discovered. One company had lost over $45 million to the scam over the course of 14 wire payments before it was alerted by a bank overseas.
The phishing emails typically involved a fake account purporting to be either an executive or a vendor with whom the organization was conducting business. A worrying trend the SEC found in cases involving the former was that the emails were sent specifically to accounting personnel who generally had little or no interaction with the executive being spoofed. The emails also used the names of actual law firms and individual attorneys to pressure the victims into believing the wire transfer requests were urgent and to give the messages an air of legitimacy.
The SEC has been demonstrating an increasingly committed approach to investigating cyber fraud, and has signaled a stricter stance on enforcing cybersecurity practices among financial and real estate organizations. Both federal and state agencies are taking the threat of cybercrime much more seriously as it pertains to financial controls and, more importantly, to how much customer data is at risk if a network is breached. The sterner regulatory attitudes will place greater compliance requirements on organizations in areas such as retail, finance and real estate, including demonstrating at least basic network security best practices.
Read our blog, Title Agents Can Lose Millions from Scams Not Even the FBI Can Detect, to learn more about how BEC can affect title insurance agents and how severe the damage can become.
If you’re interested in learning how you can train employees to spot phishing emails and protect against these types of attacks, read about our phishing defender employee awareness training.