The FBI dubbed the category of attacks “business email compromise” in an August advisory. At that time, the Bureau estimated that, since 2013, the total dollar losses to American companies exceeded $740 million, while only hitting around 7,000 targets. When international victims are added in, the losses total $1.2 billion.
Don Jackson, threat researcher and malware analyst for PhishLabs explains, BEC attackers conduct reconnaissance on social networks looking for the people on staff who are responsible for issuing payments – not just those measly payroll checks, but the big sums paid when acquiring new businesses.