BEC Scams Reported Number One Scam in Arizona Breaking Down the IC3 Annual Report
ARIZONA—CyberOps Phoenix is warning the public about an increase in business email compromise (BEC)
– also known as
email account compromise (EAC) fraud. According to the CyberOps’ Internet Crime Complaint Center
(IC3) this scam has
been the number one reported scam in Arizona for money lost over the last five years.
This was also the number one reported scam in money loss nationally. In 2021, the IC3 received
19,954 BEC/EAC complaints
with adjusted losses at nearly $2.4 billion nationally. Arizona accounted for more than $22 million
in losses with only
The second highest reported scam both nationally and in Arizona was investment fraud. In 2021, IC3
investment complaints with adjusted losses at nearly $1.5 billion. Arizona reported 349 victims with
losses of more than
BEC is a scam targeting businesses (not individuals) working with foreign suppliers and/or
performing wire transfer payments. email Account Compromise (EAC) is a similar scam which targets
sophisticated scams are carried out by fraudsters compromising email accounts through social
engineering or computer
intrusion techniques to conduct unauthorized transfer of funds.
The scheme has evolved from simple hacking or spoofing of business and personal email accounts and a
request to send
wire payments to fraudulent bank accounts. Historically, this scam involved compromised vendor
emails, requests for W-2
information, targeting of the real estate sector, and fraudulent requests for large amounts of gift
Now, fraudsters are using virtual meeting platforms to hack emails and spoof business leaders’
credentials to initiate
the fraudulent wire transfers. These fraudulent wire transfers are often immediately transferred to
wallets and quickly dispersed, making recovery efforts more difficult.
The following tips may help protect you and/or your company from BEC scams:
Look at the email header of the sender. Keep an eye out for email addresses that look
but not the same as
the ones used by your work supervisors or peers (example_company.com vs.
Set up two-factor (or multi-factor) authentication on any account that allows it, and never
Be wary of requests to buy multiple gift cards, even if the request seems ordinary.
Be especially wary if the requestor is pressuring you to act quickly.
Watch out for grammatical errors or odd phrasing.
Be wary if the sender asks you to send the gift card number and PIN back to him.
Don’t rely on email alone. Contact the person or the company directly to verify any payment
Be cognizant of what you are posting on social media. Attackers will look for things on
media to lend
credibility to what they are saying and the person they are pretending to be.