Whether you’re a Fortune 500 corporation, an emerging company, or a startup, the damage that cybercrime can inflict on your business can be devastating. According to a 2019 report from Cybersecurity Ventures, cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. A similar 2019 Research Report from Accenture calculated a “total value at risk” of $5.2 trillion globally over the next five years as a result of cybercrime.

Looking at root causes, the Accenture report also highlights the “evolving tactics” used by today’s cybercriminals. This includes targeting the human layer, which the researchers refer to as the “weakest link in cyberdefense.” In fact, the number of “people-based attacks” increased the most year-over-year compared to more well-known cyber threats like malware and denial of service attacks, according to the Accenture report. People-based attacks can involve phishing, ransomware, and malicious insiders.

How Cybercriminals Use Email to Trick Employees

A recent NPR broadcast covered people-based cyber attacks, telling a story of how email is the latest weapon in the cybercriminal’s tool kit. According to the broadcast, cybercrime today is less about hacking into computers and more about fooling people.

Providing some firsthand insight on a topic that many executives and business owners are reluctant to talk about, NPR shared the story of a Seattle-based real estate company that fell victim to a threat known as “business email compromise.” This relatively new wave of cybercrime targets individuals with the ability to transfer funds from business accounts, using email in an attempt to get them to fraudulently send money to an attacker’s account. According to the U.S. Federal Bureau of Investigation (FBI), business email compromise attacks alone cost companies worldwide more than $26 billion over the last three years.

In the case of the hacked real estate company, business owner Mark—who would not share his last name—was engaged in what he thought was a perfectly normal email conversation with his business partner. “The cadence and the timing of the email were so normal that it wasn’t suspicious at all,” said Mark. “It was just like we were continuing to have a conversation, but I just wasn’t having it with the person I thought I was,” he added.

The problem: Mark had wired $50,000 to a cybercriminal overseas—without knowing it. That is until he texted his partner to confirm the transfer and received an ominous response: “What wire?” He immediately knew he had been duped.

Business owner Mark is not alone. In fact, stories of cybercrime are becoming more common, affecting more employees across the company. To hear more about this story directly from the source, you can listen to the full 6-minute NPR broadcast.