Over the past two years, fraudsters stole millions of dollars from businesses by compromising their official email accounts and using those accounts to initiate fraudulent wire transfers. In January 2015, the Internet Crime Complaint Center (IC3) and the FBI released a public service announcement that warns of a “sophisticated scam” targeting businesses that work with foreign suppliers. Evidently, there has been an increase of computer intrusions linked to BEC scams, involving fraudsters impersonating
What is Business Email Compromise?
The FBI defines Business Email Compromise (BEC) as a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers. According to the FBI, BEC scams already
How does it work?
BEC scams often begin with an attacker compromising a business executive’s email account or any publicly listed email. This is usually done using keylogger malware or phishing methods, where attackers create a domain that’s similar to the company they’re
BEC scams have three versions:
This version, which has also been referred to as “The Bogus Invoice Scheme”, “The Supplier Swindle”, and “Invoice Modification Scheme”, usually involves a business that has an established relationship with a supplier. The fraudster asks to wire funds for invoice payment to an alternate, fraudulent account via spoofed email, telephone, or facsimile.
In this version, the fraudsters identify themselves as high-level executives (CFO, CEO, CTO, etc.), lawyers, or other types of legal representatives and purport to be handling confidential or time-sensitive matters and initiate a wire transfer to an account they control. In some cases, the fraudulent request for wire transfer is sent directly to the financial institution with instructions to urgently send funds to a bank. This scam is also known as “CEO Fraud”, “Business Executive Scam”, “Masquerading”, and “Financial Industry Wire Frauds”.
Similar to the two other versions, an email account of an employee is hacked and then used to make requests for invoice payments to fraudster-controlled bank accounts. Messages are sent to multiple vendors identified from the employee’s contact list. The business may not become aware of the scheme until their vendors follow up to check
The scam mostly banks on social
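The mechanics above (a lookalike domain that mimics the victim company, an executive's name on a mail that does not come from the company's own domain, and a reply path that quietly diverts the conversation) all leave traces in message headers. The following Python script is an added example, not code from the original article or from Trend Micro: it runs three header checks over a handful of constructed messages. The organisation (`example-corp.com`), its executive roster, the homoglyph table and all sample mail are assumptions made for the demonstration.

```python
"""Header triage for the BEC signals described above: executive display-name
impersonation, lookalike sender domains and Reply-To redirection.
All organisation data and sample messages below are constructed."""
from email import message_from_string
from email.utils import parseaddr

# Constructed example organisation: its real domain and the executives whose
# names are most likely to be borrowed in a "CEO fraud" message.
CORP_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}  # hypothetical CEO

# Common character substitutions seen in lookalike domains (assumed table).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain):
    """Fold homoglyphs so 'examp1e-corp.com' compares equal to the real domain."""
    d = domain.lower()
    for src, dst in HOMOGLYPHS.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a, b):
    """Plain edit distance; small enough to inline for short domain labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, legit=CORP_DOMAIN):
    """True when a foreign domain is within two edits of ours after homoglyph
    folding. The TLD is dropped so 'example-corp.co' is caught as well."""
    if domain == legit or domain.endswith("." + legit):
        return False
    ours = normalize(legit).rsplit(".", 1)[0]
    theirs = normalize(domain).rsplit(".", 1)[0]
    return levenshtein(ours, theirs) <= 2


def analyze(raw_message):
    """Return a list of (code, detail) findings for one RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    internal = from_domain == CORP_DOMAIN or from_domain.endswith("." + CORP_DOMAIN)

    # 1. An executive's display name on an address that is not their own.
    key = from_name.strip().lower()
    if key in EXECUTIVES and from_addr.lower() != EXECUTIVES[key]:
        findings.append(("exec_impersonation",
                         "'%s' sent from %s" % (from_name, from_addr)))

    # 2. The sender domain imitates the corporate domain.
    if from_domain and not internal and is_lookalike(from_domain):
        findings.append(("lookalike_domain", from_domain))

    # 3. Replies are steered to a different domain than the one that sent the mail.
    if reply_addr and "@" in reply_addr:
        reply_domain = reply_addr.rsplit("@", 1)[-1].lower()
        if reply_domain != from_domain:
            findings.append(("reply_to_mismatch",
                             "Reply-To %s vs From %s" % (reply_addr, from_addr)))
    return findings


# Constructed sample messages covering each signal plus a clean control.
SAMPLE_MESSAGES = {
    "ceo_fraud": ("From: Jane Doe <jane.doe.ceo@freemail.example>\n"
                  "To: ap@example-corp.com\nSubject: Urgent wire\n\n"
                  "Please process the attached invoice today.\n"),
    "lookalike": ("From: Accounts Payable <ap@examp1e-corp.com>\n"
                  "Reply-To: Accounts Payable <ap@examp1e-corp.com>\n"
                  "To: vendor@supplier.example\nSubject: Updated bank details\n\n"
                  "Our remittance account has changed.\n"),
    "reply_redirect": ("From: Jane Doe <jane.doe@example-corp.com>\n"
                       "Reply-To: jane.doe@example-corp.co\n"
                       "To: hr@example-corp.com\nSubject: Staff list\n\n"
                       "Send me the W-2 summary for all staff.\n"),
    "legit": ("From: Jane Doe <jane.doe@example-corp.com>\n"
              "To: hr@example-corp.com\nSubject: Staff meeting\n\nSee you at 10.\n"),
}


def triage_samples():
    """Map each sample name to its finding codes."""
    return {name: [code for code, _ in analyze(raw)]
            for name, raw in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        print(name, analyze(raw) or "clean")
```

These checks only see what the headers expose. The third scheme described above, where a real employee mailbox is taken over, produces mail from the genuine domain with no mismatch at all, which is why a wire or data request still needs out-of-band confirmation regardless of what automated triage reports.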
Case Study: Predator Pain and Limitless, Hawkeye
In 2014, findings revealed that
The cybercriminals behind these operations had indiscriminate targets, but they did go after specific industries where they think they will be most successful.
[Related: Olympic Vision campaign
Other targets: PII and W-2 information
As early as March 2016, a growing number of corporations and businesses were found to have fallen for similar schemes. Companies like Seagate, Snapchat, and Sprouts Farmer’s Market were among the businesses victimized by email scams using the same modus operandi. By the end of the same month, Pivotal Software, a San Francisco-based software and services company, was breached via a phishing scheme that leaked the tax information of an undisclosed number of employees.
The breach was initiated by an email that appeared to be from the company’s CEO Rob Mee, requesting information on the company's staff. This resulted in the delivery of employee W-2 information that included names, addresses, 2015 income details, Social Security numbers, and Individual Taxpayer Identification numbers to an unauthorized recipient.
Not long after this incident, similar schemes targeted personal information in the education sector. Following the exposure of W-2 information of 3,000 employees of Virginia-based Tidewater Community College, a similar email posing as a request from Kentucky State University President Raymond Burse was sent to one of the school’s staff members, prompting the staff member to forward a list of employees and students along with their 2015 W-2 information.
Personal information stolen via phishing emails has proven to be a valuable underground commodity, as the data can be sold in underground markets and used to stage future attacks. As seen in recent and previous tax fraud scams, email scams have become one of the quickest methods of tricking unsuspecting users.
Defending against the scam
Businesses are advised to stay vigilant and educate employees on how to prevent being victimized by BEC scams and other similar attacks. It’s important to know that
For more on protecting your organization from BEC schemes, read Battling Business Email Compromise Fraud: How Do You Start?
Trend Micro products protect medium and large enterprises from this threat. Malware in BEC-related emails
The InterScan Messaging Security Virtual Appliance with enhanced social engineering attack protection provides protection against socially-engineered emails used in BEC attacks. The Deep Discovery Analyzer found in the Trend Micro Network Defense family of solutions helps detect advanced malware and other threats that arrive via email.