An emerging global threat: BEC scams hitting more and more businesses

As more and more victims come forward, and the losses sustained by firms in the US and around the world passed the billion dollar mark, the FBI is once again warning businesses about Business Email Compromise (BEC) scams.

The BEC is a sophisticated scam performed by members of organized crime groups from Africa, Eastern Europe, and the Middle East. They usually target businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

The scammers impersonate a supplier, a high-level executive with the firm, or a firm’s employee by hacking or spoofing their email accounts. From those accounts, they send requests to the firm’s employee(s) in charge of making payments to wire a payment to a bank account belonging to the scammers, usually set up with a Chinese bank.

“They know how to perpetuate the scam without raising suspicions,” FBI Special Agent Maxwell Marker pointed out. “They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these e-mails having horrible grammar and being easily identified are largely behind us.”

More often that not, the scammers also manage to infiltrate the company’s networks via malware that they have tricked employees into downloading and running. This allows them access to information that they can misuse to make the fraudulent wire transfer requests seem legitimate.

“According to IC3, since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad,” the FBI shared.

“BEC is a serious threat on a global scale,” says Marker. “We are applying all our investigative techniques to the threat, including forensic accounting, human source and undercover operations, and cyber aspects such as tracking IP addresses and analyzing the malware used to carry out network intrusions. We are working with our foreign partners as well, who are seeing the same issues.”

In the meantime, businesses would do well to acquaint themselves with the BEC threat and take measures to avoid becoming victims, such as verifying changes in vendor payment location and confirming requests for transfer of funds, refraining from posting financial and personnel information to social media and company websites, using two-step verification for confirming significant transactions, and more.

Trend Micro researchers have recently managed to identify two cybercriminals that perform a variant of the BEC scam – the “change of supplier” scam, and have shared helpful details about these scammers’ modus operandi.