Email is the preferred form of communication in a business environment. This trend is expected to continue, and business email will account for over 132 billion emails sent and received per day by the end of 2017. Therefore, protection of business communications is of utmost importance.
According to the FBI, hackers are netting millions through business email. The scheme, formerly known as the man-in-the-email attack, is designed to fool employees and clients into transferring business funds into the hands of criminals. Threatpost’s recent article on the subject is summarized below:
The FBI’s Internet Crime Complaint Center (IC3) announced the threat in late January. Between October 2013 and December 2014, the digital division of the FBI says, BEC schemes affected 2,126 victims and accounted for $214,972,503.30 in related losses.
The Business Email Compromise (BEC) scam comes in three distinct versions and targets companies that regularly perform wire transfers with foreign suppliers and other international third parties:
- Version 1: Known as “The Bogus Invoice Scheme,” “The Supplier Swindle” and “Invoice Modification Scheme.” In this variant, attackers contact their target company via spoofed email, telephone or fax and ask for a wire transfer to an alternative account controlled by criminals or their money mules.
- Version 2: Known as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.” In this variant, the criminals compromise the email accounts of company executives and then send urgent transfer requests to the employee in charge of processing transfer requests or even directly to their financial institutions.
- Version 3: Attackers compromise lower-level employee email accounts and send money transfer requests to multiple vendors identified from the employee’s contact list. The requests would route transfers into accounts controlled by the criminals.
Once money is moved out of a company, the criminals perpetrating BEC fraud disperse the funds by transferring the stolen money several more times through a number of different money transfer services. In the end, the money is said to end up in bank accounts located in Mainland China and Hong Kong.
For more information about BEC fraud, see the full Threatpost article.