According to a recent FBI Bulletin / Public Service Announcement (PSA), the scam is carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices. The scam has evolved to include the compromising of legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees, and may not always be associated with a request for transfer of funds.
It is largely unknown how victims are selected; however, the subjects monitor and study their selected victims using social engineering techniques prior to initiating the BEC scam. The subjects are able to accurately identify the individuals and protocols necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” e-mails requesting additional details regarding the business or individual being targeted (name, travel dates, etc.).
Some individuals reported being a victim of various Scareware or Ransomware cyber intrusions immediately preceding a BEC incident. These intrusions can initially be facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link. The victim clicks on the link, and it downloads malware, allowing the subject(s) unfettered access to the victim’s data, including passwords or financial account information.
The FBI commits a lot of energy and effort to fighting cybercrime, particularly what it refers to as Business Email Compromise (BEC) scams. BECs are a type of phishing attack in which criminals target businesses that frequently send international wire transfers, and they can involve huge sums of money. A report issued this week by the Bureau reveals just how huge the scam is.
According to the FBI Bulletin, the following BEC/EAC statistics were reported to the IC3 and are derived from multiple sources, including IC3 and international law enforcement complaint data and filings from financial institutions between October 2013 and December 2016:
– Domestic and international incidents: 40,203
– Domestic and international exposed dollar loss: $5,302,890,448 (about $5.3 billion)
From October 2013 to December 2016, the FBI investigated over 22,000 of these incidents involving US businesses alone. In total, the report states losses approaching $1.6 billion. That is roughly $500 million scammed every year, and the figures involved have climbed sharply, up 2,370% between January 2015 and December 2016.
The closing section of the FBI bulletin offers several tips for avoiding BECs, and they’re worth studying whether or not you own or operate a business. The advice includes being more cautious when requests are urgent or total secrecy is requested, closely scrutinizing any communications (sender’s email address, writing style, etc.) involving financial details, and implementing two-factor authentication to minimize the potential for accounts being compromised.
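The scrutiny described in those tips can be partly automated on a mail gateway or in a triage script. The following is an added example, not code from the FBI bulletin: it flags a lookalike sender domain, a Reply-To that points elsewhere, and a payment or W-2 request combined with urgency or secrecy. The trusted domain, keyword lists, similarity threshold and sample messages are all constructed assumptions.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for illustration: your own domain(s) and keyword lists go here.
TRUSTED_DOMAINS = {"example-corp.com"}
PRESSURE_TERMS = ("urgent", "immediately", "confidential", "secret", "do not discuss")
PAYMENT_TERMS = ("wire transfer", "bank details", "w-2", "invoice", "payment")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_lookalike(domain):
    """True when a domain is close to, but not the same as, a trusted one."""
    if not domain or domain in TRUSTED_DOMAINS:
        return False
    return any(SequenceMatcher(None, domain, t).ratio() >= 0.85
               for t in TRUSTED_DOMAINS)

def bec_indicators(raw_message):
    """Return the list of BEC warning signs found in one RFC 822 message."""
    msg = email.message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if is_lookalike(from_dom):
        findings.append("lookalike-sender-domain")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(t in text for t in PAYMENT_TERMS) and any(t in text for t in PRESSURE_TERMS):
        findings.append("urgency-or-secrecy-with-payment-request")
    return findings

# Constructed sample messages (not real traffic).
SAMPLE_SUSPICIOUS = (
    "From: CEO <ceo@examp1e-corp.com>\n"
    "Reply-To: ceo.office@mail-example.net\n"
    "Subject: Urgent wire transfer\n\n"
    "Please process this wire transfer immediately and keep it confidential.\n")
SAMPLE_ROUTINE = (
    "From: Accounts <accounts@example-corp.com>\n"
    "Subject: Monthly invoice\n\n"
    "Attached is the invoice for March. Regular terms apply.\n")

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_ROUTINE):
        print(bec_indicators(sample))
```

A flag from a check like this is a prompt to verify the request through a separate, known-good channel, not proof of fraud.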
Source: FBI / PSA