The FBI Warns of Business Email Compromise


Business email compromise is a financial fraud scam that the FBI described in a story on Aug. 8, 2015. At that time, it was described as “more sophisticated than any similar scam the FBI has seen before and one — in its various forms — that has resulted in actual and attempted losses of more than a billion dollars to businesses worldwide.”

National attention on this scam began in October 2013 when the FBI’s Internet Crime Complaint Center started receiving reports from businesses that had received wire transfer requests from what they thought were trusted suppliers but that turned out to be fraudulent requests originating overseas.

“For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000,” says FBI Analyst Ellen Oliveto, who was assigned to the IC3. “The average loss to BEC victims is $130,000.”

The IC3 started tracking BEC reports at the end of 2013, and had collected data on more than 7,000 companies in the U.S. that had been victimized by the time the story was released in August 2015. This data estimated total dollar losses of more than $740 million, which didn’t even include the losses of victims in other countries.

The IC3 reports that there has been a 270 percent increase in BEC victims since the start of 2015, so it is something everyone should stay aware of. Companies that have been victimized by BEC come from all 50 states, in addition to almost 80 other countries. The IC3 also reports that the majority of these fraudulent wire transfers end up depositing the funds in Chinese banks.

“BEC is a serious threat on a global scale,” says FBI Special Agent Maxwell Marker, who oversees the FBI’s Transnational Organized Crime – Eastern Hemisphere Section in the Criminal Investigative Division. “It’s a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering.”

The FBI believes that the scams originate from organized crime groups from a variety of countries, many in Africa, the Middle East and Eastern Europe. They target businesses that are accustomed to using wire transfers for payments and especially those that work with foreign suppliers. These businesses are more likely to see the content of a fraudulent email as normal communication, especially since the scammers compromise legitimate business email accounts, making them appear to come from within the business or from trusted suppliers.

“They have excellent trade craft, and they do their homework,” Marker says. “They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these emails having horrible grammar and being easily identified are largely behind us.”

Malware is frequently used to access a company’s email network. This not only gives scammers the ability to send communications from a recognized email address, but also can provide access to billing invoices that can be used to cloak the emails in a sense of authenticity.

By sending a fraudulent invoice, the scammers are able to have funds wired directly to their own accounts. There is only a short period of time to deal with a wire transfer if fraud is suspected, which adds to the scam’s effectiveness.

The IC3 offers the following tips to avoid falling prey to one of these scams:

  • Be careful when sharing information about personnel on social media and company websites. Also, make sure not to share financial information on publicly accessible websites.
  • Verify all changes in vendor payment location, such as payments to a new account number or that use a different email address. Furthermore, be sure to confirm all requests for the transfer of funds by contacting the person or business directly.
  • Free, web-based email accounts may be more susceptible to hacking, so be especially vigilant when receiving communications from them.
  • Be wary of requests to transfer funds that ask for secrecy or state that action must be taken quickly.
  • Ask your financial institution about financial security procedures that require a two-step verification process for completing wire transfers.
  • Use an intrusion detection system that can flag suspicious emails with extensions that are similar to company emails but not the same, such as email addresses that end in “.co” and not “.com.”
  • Last, if your business is able to do so, register internet domains that appear to be the same as your company’s with only slight differences, so scammers cannot register them.
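
The lookalike-domain check described in the last two tips can be sketched as a mail-filter rule. The Python below is an added example, not code from the FBI or the IC3; it goes beyond the “.co” versus “.com” case to catch any sender domain within a small edit distance of a trusted one. The trusted domains, the distance threshold of 2 and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: your own domain plus known vendor domains (assumed values).
TRUSTED_DOMAINS = {"example.com", "supplier-example.com"}

def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted_domain): verdict is trusted, lookalike or unknown."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unknown", None)
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        # Close to a trusted domain but not equal: ".co" for ".com", "1" for "l", etc.
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

def flag_lookalikes(from_headers):
    """Return (header, imitated_domain) for each sender to hold for review."""
    results = ((h, classify_sender(h)) for h in from_headers)
    return [(h, good) for h, (verdict, good) in results if verdict == "lookalike"]

# Constructed sample From: headers, not taken from real mail.
SAMPLE = [
    '"Accounts Payable" <ap@example.com>', "billing@example.co",
    "ceo@exmaple.com", "invoices@supplier-examp1e.com", "newsletter@unrelated.org",
]

if __name__ == "__main__":
    for header, good in flag_lookalikes(SAMPLE):
        print(f"REVIEW: {header!r} imitates {good}")
```

The same function can be run over candidate names before registration to decide which near-miss domains are worth registering defensively. For short domains, a threshold of 1 reduces false matches.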

If you think you have fallen victim to a BEC scam, contact your financial institution immediately to attempt to verify or cancel the payment. Your financial institution can try to contact the financial institution where the money is heading. Then, make sure to report the scam to the IC3 at https://www.ic3.gov/complaint/default.aspx.
