A Lithuanian man whose business email compromise (BEC) scheme lifted over $100 million from Google and Facebook pleaded guilty to wire fraud last March 20. Evaldas Rimasauskas, aged 50, and unnamed collaborators essentially posed as a Taiwan-based hardware company that was a known business associate of both Facebook and Google. Their elaborate fraud first involved setting up a company in Latvia impersonating the hardware company. The group then sent fake invoices, contracts, letters and such to the tech companies, falsely billing them for millions of dollars over a period of years.
These documents were legitimate-looking enough that Google and Facebook wired money to accounts controlled by Rimasauskas from 2013 to 2015. He then reportedly laundered the money through banks in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.
Rimasauskas agreed to forfeit $49.7 million, and his sentencing is scheduled for July 24. He could face up to 30 years in prison.
The year of messaging threats
The Trend Micro annual security roundup noted that BEC and other types of messaging threats were on the rise in 2018. However, BEC in particular has been on the radar of cybersecurity and government organizations for a while. The Federal Bureau of Investigation has been closely monitoring BEC scams, and their July 2018 report shows that this type of messaging fraud cost enterprises $12.5 billion since 2013. Moreover, Trend Micro data showed a 28% increase in BEC attempts (specifically those targeting CEOs) from 2017 to 2018.
BEC is commonly used because the scheme itself requires little technical knowledge — it involves the use of fake documents or social engineering to trick employees of a company to transfer funds to the scammer.
Thwarting BEC attacks
BEC detection is sometimes difficult, as forged documents are getting better and social engineering techniques get more sophisticated, but there are effective ways to curb the threat. BEC detection techniques featured in Trend Micro™ email security products use artificial intelligence (AI) and machine learning to defend against BEC.
Trend Micro™ Cloud App Security™ (CAS) for Microsoft® Office 365™and ScanMail™ Suite for Microsoft® Exchange™ (SMEX) use AI and ML to enhance overall cyberdefense against BEC, EAC, phishing, and other advanced threats. The anti-BEC technology found in Trend Micro™ email security products combines the knowledge of a security expert with a self-learning mathematical model to identify fake emails by looking at both behavioral factors and the email's intention.
Used by CAS and SMEX, the new Writing Style DNA feature uses AI to detect email impersonation by recognizing the DNA of a user’s writing style based on past written emails and comparing it to suspected forgeries. When an email is suspected of spoofing a user, the writing style is compared to this trained AI model and a warning is sent to the implied sender, the recipient, and the IT department.
Besides advanced security solutions, following best practices against email fraud can also thwart BEC scammers.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.