
Technology committee warns of rising business email scams

An advisory committee focusing on financial technology, or fintech, has completed research into cybercrime threats and other issues in the field.

The Emerging Technologies Advisory Committee (ETAC) at the Idaho Department of Finance’s Financial Innovation Lab has released a report on corporate email hacking and an opinion on predictive analytics oversight.

“BEC (business email breach) remains one of the most financially damaging forms of cybercrime and occurs when criminals trick victims into sending them funds or information using emails that appear to come from known or legitimate sources,” ETAC said. “BEC attacks have been the No. 1 form of financial loss from cybercrime over the past decade, and these attacks continue to harm businesses and individuals in Idaho and across the United States.”

The graph of BEC losses shows that these amounts increased significantly between 2016 and 2023. In 2016, losses were less than $500 million, while last year, losses were just under $3 billion.

ETAC said in its report that the funds could only be recovered if those involved took swift action.

“Recovering funds is extremely difficult unless the victim, the financial institutions involved, or law enforcement act extremely quickly, as malicious actors typically move funds out of the initial escrow account as quickly as possible to prevent the victim from recovering them,” the BEC report said. “This means that timely information sharing and communication are essential to recovering stolen funds, as the window for recovering funds is often 24 hours or less.”

The advisory committee listed a set of tactics that people can use to avoid BEC attacks, which it said “can be nearly completely thwarted through the development of new policies/statutes, innovative use of technology, and improvements to existing government programs”:

  • Enforce name matching for bank transfers and develop AI verification programs
  • Liability protection for the adoption of AI name matching verification programs
  • Clarify that Section 314b should apply when sharing information about fraud
  • Improve your financial fraud elimination and rapid response chain program

When it comes to predictive data analytics, or PDA, ETAC said proposed federal and state regulations from the U.S. Securities and Exchange Commission “threaten to undo progress on financial inclusion.” “Implementing sweeping regulations on the use of new technologies can create barriers to financial inclusion and stifle innovation,” it said.

On July 26, 2023, the SEC proposed “Conflicts of Interest Related to the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers,” which would seek to “establish higher standards of conduct for investment advisers and broker-dealers in virtually all interactions with investors using any technology (from basic spreadsheets to artificial intelligence), regardless of whether a recommendation or personalized investment advice is provided to a retail client.”

In addition, ETAC noted that the North American Securities Administrators Association had proposed an illustrative rule expanding the definition of the word “recommendation,” which could broaden the application of the PDA.

“Each of these proposals is highly prescriptive and anti-technology, threatening to stifle innovation and undermine the progress made on financial inclusion to date,” ETAC said. “The SEC’s PDA proposal would effectively replace the existing framework with a broad regulatory approach that would give the SEC oversight of nearly all technology applications used by broker-dealers and investment advisers in their interactions with investors—from simple tools like calculators and Excel spreadsheets to quantum computers and advanced artificial intelligence.”

While the advisory committee recognised the speed at which technologies were developing and their transformative impact, it also said it believed the existing legal framework should be used.

“The Commission also emphasizes the need to responsibly develop and deploy these technologies within the framework of existing SEC, FINRA and state regulations designed to protect investors and markets, rather than creating new regulatory barriers to emerging technologies that will stifle innovation at the expense of both retail investors and the financial industry.”