BEC On The Rise Even As FBI Cracks Down On Scammers
By: Jim Stickley and Tina Davis
September 27, 2018
Business email compromise, or BEC scams are on the rise. In a report from Palo Alto Networks released earlier this year, it noted that Nigerian BEC linked incidents rose 45% between 2016 and 2017 and have continued to creep up in 2018. And the FBI is taking BEC seriously. Recently, the agency in partnership with several other U.S. authorities and police organizations from other countries managed to bust scammers and arrest 74 people involved in BEC scams.
BEC scams often use spear-phishing campaigns to target specific employees that have access to company finances and/or are authorized to perform wire transfers. The cybercriminals use social engineering techniques to convince employees to wire money into their accounts rather than into accounts of those with which they truly do business.
These criminals don’t stick to large Fortune 500 companies either. They also take advantage of those in small companies as well as individual victims, often the elderly.
Spear-phishing can happen when the criminals get information about their targets, create a specific scam those targets are likely to fall for, and execute it. They acquire the information in a variety of ways, but often from social media and business networking sites such as LinkedIn. Many people are very thorough when they create a profile on the sites and it makes them unintentionally easy picking for the thieves.
Always be cautious about what you post on networking or social media sites. If you do have authorization to move money around or have access to sensitive information on behalf of your organization, such as W-2 details think very seriously about what you put in your profile for your job function. Be as vague as you can or just don’t put the specifics in there at all. And if you choose to enter it, make sure you know how to identify any kind of phishing attempt. It only takes one click by one person to take down your organization’s network.
In addition to catching the scammers (that were from Canada, Mauritius, Nigeria, Poland, and the U.S.), they charged 15 money mules in their roles. These criminals are generally responsible for receiving and transferring stolen funds as directed by the operators of the scams. They keep a portion of the take for their services.
In this recent FBI bust being called Operation Wire Wire, they seized nearly $2.4 million and recovered about $14 million that were wired to them fraudulently. According to the most recent IC3 report, the majority of complaints in 2017 were related to BEC scams and losses were around $675 million.