“BEC scams were the second most costly form of cybercrime reported to the feds last year, with nearly $2.8 billion in claimed losses.”
SilverTerrier, a Nigerian BEC group, compromised an aviation exec’s email, mined the inbox for past invoices, registered a near-identical domain, and tricked a customer into a six-figure payment within hours. The attacker behind it has been running this playbook since 2012 across 240+ domains. Business email compromise remains the most profitable cybercrime category because it exploits trust relationships that no amount of technical security can fully protect. The FBI’s kill chain program only works if victims notice within 72 hours, which most don’t.