The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has updated its email fraud guidance to alert financial institutions to trends in reported business email compromise (BEC) fraud.
The guidance to “Advisory to Financial Institutions on E-mail Compromise Fraud Schemes” issued by FinCEN on Sept. 6, 2016, provides updated operational definitions for email compromise fraud; information on the targeting of non-business entities and data by BEC schemes; highlights general trends in BEC schemes targeting sectors and jurisdictions; and alerts financial institutions to risks associated with the targeting of vulnerable business processes by BEC criminals.
BEC fraud targets accounts of financial institutions or customers of financial institutions.
“While the U.S. government and industry are heavily engaged in efforts to prevent email compromise fraud, reported incidents and aggregate attempted fraudulent wire amounts continue to rise,” the report states.
FinCEN’s updated report notes that the FBI reported over $12 billion in potential losses domestically and internationally from October 2013 to May 2018 from email compromise fraud.
Since FinCEN’s 2016 BEC Advisory, FinCEN has received over 32,000 reports involving almost $9 billion in attempted theft from BEC fraud schemes affecting U.S. financial institutions and their customers.
“This represents a significant economic impact on the businesses, individuals, and even governments that are targeted by these schemes,” the report states.
Financial institutions can continue to play an important role in identifying, preventing and reporting fraud schemes. FinCEN notes the importance of communication and collaboration among internal anti-money laundering and countering financing of terrorism (AML/CFT), compliance, business, fraud prevention, legal and cybersecurity departments within financial institutions as well as with other financial institutions across the sector.
The new report updates the original definitions of email compromise fraud, BEC and email account compromise. FinCEN broadens its definitions of email compromise fraud activities to clarify that such fraud targets a variety of types of entities and may be used to misdirect any kind of payment or transmittal of other things of value.
For example, while many email compromise fraud scheme payments are carried out via wire transfers, FinCEN has observed BEC schemes fraudulently inducing funds or value transfers through other methods of payment, to include convertible virtual currency payments, automated clearing house transfers, and purchases of gift cards.
— Check out FBI Sees Big Rise in Internet Crime Complaints, Losses on ThinkAdvisor.