
Classifying ACH and wire fraud for better defenses against business email compromise

Business email compromise (BEC) is a leading cause of fraudulent ACH and wire transfers from business deposit accounts — accounting for 73% of all reported cyber incidents in 2024, a sharp increase from 44% in 2023. Furthermore, the FBI reports that BEC has become a $55 billion scam over a 10-year time frame.

Using a classification structure, such as the FraudClassifier model shown below, can help users consistently identify how a BEC fraud occurred, for example through modification of existing payment information, takeover of the account or manipulation of an authorized party. The model can also uncover what facilitated the BEC, such as compromised credentials, impersonation of authorized parties, or relationship and trust scams. Understanding these vulnerabilities can encourage financial institutions and their business customers to take steps to reduce their risk.

FraudClassifier model

ACTION ITEM: Learn more about the Fed’s collaborative industry efforts on fraud mitigation and education. Stay engaged by joining the FedPayments Improvement Community.

Sharing and use of the FraudClassifier model throughout the industry is encouraged; any adoption is voluntary. The FraudClassifier model is not intended to result in mandates or regulations, and does not confer any legal status, rights or responsibilities, nor is the model intended to define or imply liabilities for fraud loss or create reporting requirements. Absent written consent, the FraudClassifier model may not be used in a manner that suggests the Federal Reserve endorses a third-party product or service.