The perpetrators often perform a fair amount of research, looking for a company that has had a change in leadership in the C-suite of the finance function, companies where executives are traveling, or by leading an investor conference call. Upon monitoring the compromised email account, the fraudster will try to determine who initiates wires and who requests them. This is usually done using keylogger malware or phishing methods, where attackers create a domain that’s similar to the company they’re targeting, or a spoofed email that tricks the target into providing account details. Globally, cybercriminals scammed more than $50 million dollars from victims in non-US countries.īEC scams often begin with an attacker compromising a business executive’s email account or any publicly listed email. According to the FBI, victims lost nearly $750 million dollars and affected more than 7,000 people between October 2013 and August 2015. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers. The FBI defines Business Email Compromise (BEC) as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. These methods ultimately lead to successful intrusion and unfettered access to their victims’ credentials.
Evidently, there has been an increase of computer intrusions linked to BEC scams, involving fraudsters impersonating high level executives, sending phishing emails from seemingly legitimate sources, and requesting wire transfers to alternate, fraudulent accounts. In January 2015, the Internet Crime Complaint Center (IC3) and the FBI released a public service announcement that warns of a “sophisticated scam” targeting businesses that work with foreign suppliers. Over the past two years, fraudsters stole millions of dollars from businesses by compromising their official email accounts and using those accounts to initiate fraudulent wire transfers.
0 kommentar(er)
