top of page

From Inbox to Outbreak: The BEC and FTF Epidemic

  • Grace Howard
  • May 14
  • 3 min read

Updated: May 15

According to cyber-insurance claims data from Coalition’s 2025 Cyber Claims Report, Business Email Compromise (BEC) attacks and Fund Transfer Fraud (FTF) accounted for a staggering 60% of all claims in 2024. These email-based attacks have been the bulk of claims for organizations over the past three years. The financial impact is significant: BEC incidents cost organizations, on average, $35,000. Furthermore, 29% of BEC attacks also led to FTF incidents, with an even higher average loss of $106,000. FTF events frequently occur through social engineering or directly result from a BEC event, where attackers impersonate trusted parties to trick employees into making unauthorized wire transfers.


Email is the lifeblood of modern business communication, but it can also be a significant vulnerability. BEC and FTF continue to pose major threats, costing businesses vast sums every year. While large-scale breaches often grab headlines, sometimes vigilance in a single transaction can prevent considerable loss.


Consider the story of a friend, a banker at a large regional bank. A customer, a landscaper, came in to finalize the purchase of a much-needed large truck for their growing business. The final step was a $50,000 wire transfer to the truck dealership. Wire transfers are a common, fast, and generally reliable method for moving large sums, often used for major purchases like vehicles.


As part of the standard procedure for wire transfers, the banker asked the customer how they received the dealership's bank details. The customer showed an email from their contact at the dealership. This raised a slight concern for the banker, leading to the crucial next question: "did you call the dealership to confirm the banking details?" Fortunately, the customer was happy to make the call right then, putting the phone on speaker.


When they spoke to the truck dealer, the landscaper mentioned the $50,000 transfer and double-checking the bank account information from the email. The dealer's response was immediate and distressed: "No, no. Oh, no. That’s not our information at all. I never sent you that email."


It became clear that a bad actor had compromised the dealership's email account. They sent a legitimate-looking email with fake bank details, hoping the landscaper would unknowingly wire the $50,000 to the fraudster instead of the dealer. Thanks to the banker's diligence, both the landscaper and the dealer were saved from losing $50,000. The grateful landscaper exclaimed, "you just saved me $50,000, AND a claim on my cyberfraud insurance."


While the frequency of FTF claims dropped slightly, the severity of BEC claims saw a significant 23% increase, particularly in the latter half of 2024. This spike in BEC severity was partly due to increased costs associated with legal expenses, incident response, data mining, and other mitigation and recovery efforts.


This near-miss, thankfully averted by a vigilant banker, serves as a reminder that while email remains essential, it's also a prime target for malicious actors. The rising tide and severity of BEC and FTF attacks, accounting for a staggering 60% of cyber insurance claims, underscore the need for proactive defense.


So, what can organizations do to shield themselves from these costly threats? First, implement routine credential screening to ensure your employees and consumers aren't compromised. Furthermore, before processing significant financial transactions or allowing critical account changes, verify the legitimacy of the involved email accounts. While robust security measures like employee training and multi-factor authentication form a strong foundation, layering in checks specifically around large transactions and email compromise can provide an extra line of defense, potentially saving your organization from substantial financial losses and the headache of a cyber insurance claim.


Read more about our solutions for Email Reputation, ATO Threat Monitoring, and AD Credential Audit.

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page