Business Email Compromise (BEC) is a scam perpetrated by fraudsters who, using social engineering tactics, pretend to be company executives or legitimate salespeople to lure employees of targeted companies into transferring money to the scammers. The FBI started tracking BEC in 2013, and the scam is getting bigger and bigger every year. The FBI reports that between October 2013 and December 2023 there were 305,033 domestic and international BEC incidents with a total loss of $55,499,915,582.
BEC is an equal opportunity scam, targeting small and large businesses alike, with incidents reported in every state and 186 countries.
How The Scam Works
Like many data thefts and breaches, BEC begins with a phishing or spear phishing email to an employee of a target company that entices the employee to click on or download from a link that downloads malware, which enables the cybercriminal to enter the target company's computer network. These initial emails to an employee of the targeted company are now more convincing than ever thanks to AI, which enables a cybercriminal to gather information about whom to target as well as how to craft a convincing email. Once a target company's computer network is compromised, cybercriminals are able to harvest information that they can use to create convincing emails that appear to be from a senior company executive. These emails are sent to an employee who has the authority to wire money, instructing the employee to wire money to an account that appears to be legitimate but is actually controlled by the cybercriminal. Often the email may actually come from the account of the CFO or another official, because the cybercriminal has managed to hack into and take over the account of a senior executive. As part of the money laundering process, these funds usually pass through banks in the United Kingdom, Hong Kong, China, Mexico and the UAE.
New Developments
Like all fraud, BEC has evolved as technology advances. In one of the latest developments, instead of having the funds transferred from bank to bank, the cybercriminal instructs that the money be wired to a cryptocurrency savings account, where the funds are immediately converted into difficult-to-trace cryptocurrencies.
In another development, AI-related deepfake technology and voice cloning are being used to advance the scam. In 2019 the Wall Street Journal reported the first case of this type of BEC, in which the CEO of a UK energy firm transferred $243,000 after a phone call he thought was from the CEO of the firm's German parent company.
A year later, as reported in Forbes, voice cloning technology was also used to convince the branch manager of a Japanese company to hand over 35 million dollars to a BEC scheme.
Given the increasing number of BEC incidents, it seems that many companies are not taking the necessary steps to protect themselves from this crime, even though the procedures companies should adopt are not especially expensive. These include creating a multi-person authorization system for transactions that would require two or more principals to sign off on a large wire transfer, and using multiple communication methods to verify wire transfers, so that a wire transfer request arriving by one channel, such as email, is verified through another.
Finally, one of the best things that all companies should do to protect themselves from all types of fraud and cybercrime is to increase the education of their employees on how social engineering works, so that they learn to recognize it and do not fall for it.