• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Groundbreak Carolinas

MENUMENU
  • News
  • Careers
  • Resources
    • 2020 ABC of the Carolinas EIC Awards
    • AEC Industry Blogs
    • AEC School Directory
    • Asbestos Resources
    • Content Marketing
    • Coronavirus Resources
    • Diversity and Inclusion
    • Economic Forecasts
    • GroundBreak Carolinas Newsletter Archive
    • Health and Wellness
    • New Silica Standard Resources
    • Workforce Development Resources
  • Subscribe

GroundBreak Carolinas

Your source for construction industry news in the Carolinas

MENUMENU
  • Featured
  • Business
    • Accounting
    • Government Affairs
    • Management
    • Human Resources
    • Finance, Bonding, & Insurance
    • Leadership
    • Marketing & BD
    • Operations Management
    • Legal
    • Risk Management
    • Technology
  • Markets
    • Commercial
    • Distribution / Warehouse
    • Government Facilities
    • Health Care
    • Hotels / Hospitality
    • Industrial/Manufacturing
    • Mission Critical / Data Centers
    • Residential/Multi-Family Residential
    • Office Buildings
    • Power / Energy
    • Retail / Shopping Centers
    • Roads, Bridges and Highways
    • Schools (K-12 and Higher Education)
    • Strategy
  • Workforce
    • Apprenticeships
    • Education
      • Colleges
      • High Schools
      • Technical Schools
    • Recruiting
    • Safety
    • Training
    • Veterans Programs
  • Operations
    • Architecture
    • Contracting
    • Energy
    • Engineering
    • Equipment
    • Facilities
    • Products
  • Projects
  • People
  • Economic Development
  • Partners
  • News
  • Events
  • Careers
  • Resources
    • AEC Industry Blogs
    • AEC School Directory
    • Asbestos Resources
    • Content Marketing
    • Coronavirus Resources
    • Economic Forecasts
    • GroundBreak Carolinas Newsletter Archive
    • New Silica Standard Resources
    • Workforce Development Resources
  • Let’s Talk Construction

Featured | Technology

The Threat of Email Compromise

by Jeremy Gilbert, DHG on November 8, 2021

Ransomware attacks grab most of the headlines—for instance, the Colonial Pipeline attack earlier in 2021—but in terms of direct loss, Business Email Compromise/Email Account Compromise (BEC/EAC) was the top crime reported to the FBI’s Internet Crime Complaint Center (IC3).[1] BEC has evolved over the decade and is now also referred to as EAC in acknowledgement that personal email accounts are also targets.

  • According to the IC3 Internet Crime Report for 2020 more than $1.8 billion was lost in 2020 to BEC/EAC attacks
  • More than 50 times the money lost in direct payments to ransomware attacks
  • BEC/EAC attacks have nearly eight times as many complains to the FBI compared to ransomware

According to the IC3 Internet Crime Report for 2020, more than $1.8 billion was lost in 2020 to BEC/EAC attacks. That is more than 50 times the money lost in direct payments to ransomware attacks. BEC/EAC attacks are also much more common with nearly eight times as many complaints to the FBI compared to ransomware—19,369 BEC complaints compared to 2,474 ransomware complaints in 2020.

Ransomware is still a serious threat, including the threat of business interruption, but you are more likely to be targeted in a BEC/EAC attack than a ransomware attack.

Anatomy of a BEC/EAC attack

A BEC/EAC attack in 2021 usually starts with one of the following:

A successful phishing attack against an individual – A fraudulent email is sent to the individual, usually as a part of a large campaign, and that email tricks the user into entering their credentials into a fake login form, which then passes those credentials to the attacker.

A successful social engineering attack – Social engineering attacks are most often carried out over the phone but can also be accomplished via email or instant messaging, or even in person. The attacker will contact the victim and convince them to provide information or inappropriate access to the attacker. In a BEC/EAC attack, the victim’s email login credentials are most valuable.

A successful computer intrusion – Computer intrusion in this context is a catch-all for malware and active intrusion of computer systems, resulting in credential compromise.

After gaining access to the victim’s email account, the attacker may lie in wait until a valuable transaction is sent over email. If the account compromised isn’t a valuable enough target, the attacker may use the victim’s account to launch more attacks against the victim’s contacts.

BEC/EAC losses impact organizations in all industries – the common thread is conducting business via wire transfer. The attacker in each instance waited until an email with wire instructions was received or was expected and replaced legitimate instructions with fraudulent instructions. Once the wire is sent to the wrong bank, the funds are transferred quickly to other banks, often overseas. In many of these cases, the victim did not recognize the wire was missing for a month or longer, well past the window to recover those funds.

How to protect yourself and your company

The good news is that you can protect yourself and your organization from these attacks, but it will require vigilance and some inconvenience. Below is a summary of steps you can take to protect personal and company email accounts:

Train your employees to recognize phishing emails. Common themes in phishing emails are poor grammar and spelling, a sense of urgency, or a link you must click to log in and fix a problem or verify information.

Do not click links in emails, instant messages, or text messages.

Enable multi-factor authentication (MFA) on all accounts that support it. With MFA enabled, even if your credentials are compromised, an attacker will not be able to access your account.

Insist that payments be sent by physical check, not a wire transfer, whenever possible.

If a wire must be sent, call a known number on file to verify the wiring instructions when sending a wire to a company for the first time and any time thereafter when wire instructions change. If you don’t know the sender’s phone number, call the company’s main number. Do not rely on information in the email, including the phone number. If you do call that number, you may be calling the attacker.

Regularly update your computer, cell phone, and any other device you use to access email with all security patches.

For more information about the risks of BEC/EAC and how they may affect you, look to the professionals at DHG. Our cybersecurity teams combine extensive experience and comprehensive insights on the threats you may experience. To learn more, please reach out to us at itadvisory@dhg.com.

About the Author – Jeremy Gilbert serves as a director in charge of the digital forensics lab in DHG’s Charleston, SC office and manages a team of data analytics professionals around the firm. He can be reached at Jeremy.Gilbert@dhg.com.

Jeremy Gilbert

Reference:

[1]Internet Crime Report 2020, https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

Topics: Featured, Technology
DHG, Dixon Hughes Goodman

Primary Sidebar

What We’re Reading

  • N.C. lowers revenue forecast amid recession concerns
    Source: Business North Carolina Published on May 29, 2025
  • New toolkit highlights rural N.C. community college partnerships in advanced manufacturing
    Source: Business North Carolina Published on May 29, 2025
  • Truist names ex-Morgan Stanley exec to board
    Source: Business North Carolina Published on May 29, 2025
  • Novo shares sink amid obesity drug competition
    Source: Business North Carolina Published on May 29, 2025
  • Buc-ee’s Alamance plan progresses, but at a slow pace
    Source: Business North Carolina Published on May 29, 2025

Recent Posts

  • Design-Build for Manufacturers: Collaboration is King
  • Senior Executives and Young Leaders Give Firsthand Advice to New Graduates Entering AEC Industry
  • Tariffs and the Transformation of Construction Financing and Delivery
  • Optimism and Opportunity: SCEDA’s 2025 Conference Highlights South Carolina’s Economic Momentum Amid Uncertainty
  • Western NC Construction Career Day Draws 600 High Schoolers: Inspiration for a Resilient Region
  • Search
  • News
  • Careers
  • Resources
    • 2020 ABC of the Carolinas EIC Awards
    • AEC Industry Blogs
    • AEC School Directory
    • Asbestos Resources
    • Content Marketing
    • Coronavirus Resources
    • Diversity and Inclusion
    • Economic Forecasts
    • GroundBreak Carolinas Newsletter Archive
    • Health and Wellness
    • New Silica Standard Resources
    • Workforce Development Resources
  • Subscribe

Footer

  • About GBC
  • Contact Us
  • Submit Editorial
  • Submit Event
  • Partnerships/Contributors

Sponsorship Opportunities

Join Our Mailing List

"*" indicates required fields

Name*
By clicking Submit you agree to our Privacy Policy and Terms of Use.
This field is for validation purposes and should be left unchanged.

Copyright © 2025 GroundBreak Carolinas LLC.

  • Privacy Policy
  • Terms of Use