On July 12, 2018, the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement (PSA) regarding the continued increase of Business Email Compromise (BEC)/Email Account Compromise (EAC) scams, especially in the real estate sector. The agency updated its statistical data derived from numerous sources including international law enforcement, logging a 136 percent increase in identified global exposed losses between December 2016 and May 2018. The dramatic increase brings the total domestic and international exposed dollar losses to US$12.5 billion — a figure that exceeds Trend Micro’s 2018 prediction by over $3 billion.
BEC scammers have been targeting the real estate sector over the past few years, which was already mentioned in the IC3’s 2017 internet crime report. Authorities recorded an increase of over 1,100 percent in the number of victims from real estate transactions from 2015 to 2017. Title companies, law firms, real estate agents, buyers, and sellers were mostly victimized via spoofed emails sent or received during these transactions, wherein attackers directed victims to send funds to a falsified domestic account, with Asian banks based in China and Hong Kong being the primary destinations.
A notable observation in IC3’s update was the identification of victims, called domestic money mules in the report. Mules were often recruited by scammers through confidence or romance scams. Scammers may groom these victims and manipulate them into opening accounts, which will only be used for a short time.
Thwart BEC scammers with advanced security solutions
Financial losses to BEC, as well as the number of victims, continue to grow as a result of scammers’ deployment of sophisticated social engineering tactics and computer intrusion techniques. Security solutions powered by advanced technologies such as artificial intelligence (AI) and machine learning (ML) can help users stay one step ahead of these fraudsters.
Trend Micro™ Cloud App Security™ (CAS) for Microsoft® Office 365™and ScanMail™ Suite for Microsoft® Exchange™ (SMEX) use AI and ML to enhance overall cyberdefense against BEC, EAC, phishing, and other advanced threats. The anti-BEC technology found in Trend Micro™ email security products combines the knowledge of a security expert with a self-learning mathematical model to identify fake emails by looking at both behavioral factors and the email's intention.
Used by CAS and SMEX, the new Writing Style DNA feature uses AI to detect email impersonation by recognizing the DNA of a user’s writing style based on past written emails and comparing it to suspected forgeries. When an email is suspected of spoofing a user, the writing style is compared to this trained AI model and a warning is sent to the implied sender, the recipient, and the IT department.