BEC-based scams cost the global economy billions of dollars and involve criminals hacking into business email accounts.
Globally, it’s a cybercrime that drains billions of dollars from the economy, but few people are aware of it. In Business Email Compromise (BEC) scams, cybercriminals hack into email accounts, pretend to be someone they’re not, and dupe victims into transferring money where it doesn’t belong.
According to the FBI, BEC scams have been the most expensive type of cybercrime in the US for years, despite receiving far less attention than the major ransomware attacks that have prompted a robust government reaction.
BEC scams have drawn cybercrooks from all around the world due to the large payouts and low risk involved. According to media reports, some people brag about their ill-gotten gains on social media, posing with Ferraris, Bentleys, and stacks of cash.
According to court records, the US State Department was duped into paying BEC cybercriminals more than USD200,000 in grant funds intended to benefit Tunisian farmers.
Sherry Williams, a director of a San Francisco non-profit that recently fell victim to a BEC scam, said, “The scammers are extremely well organized and law enforcement is not.”
According to a new FBI report, losses in the United States due to BEC scams in 2021 were approximately USD2.4 billion.
This represents a 33% increase from 2020 and a tenfold increase from just 7 years ago.
Experts say that several victims never come forward, and that the FBI’s figures actually represent a small portion of the total amount of money stolen each year.
Modus Operandi
BEC cybercrooks use a number of methods to break into legitimate corporate email accounts and deceive employees into sending wire transfers or making purchases they shouldn’t.
Targeted phishing emails are prevalent, but experts say that the online scammers have been quick to embrace new technology, such as artificial intelligence-generated “deep fake” audio to impersonate business officials and dupe subordinates into paying money.
In the case of Williams, the San Francisco non-profit director, online fraudsters accessed the email account of the non-profit’s bookkeeper, then inserted themselves into a long email thread, sent messages demanding wire payment instructions for a grant recipient, and made off with USD650,000.
Williams stated that after she discovered what had transpired, her calls to law enforcement went nowhere.
The FBI informed her that her case would not be taken by the local US attorney’s office. She flew to Odessa, Texas, the location of the bank that had initially received the stolen funds.
The money had long since vanished, and the local investigator was helpless to assist.
Williams sought assistance from her US senators and later discovered that the Secret Service was looking into the matter, but she claims she hasn’t received any updates.
The Long Road Ahead
According to security experts, the flood of arrests has had little impact, and the FBI’s own statistics show that BEC frauds are still on the rise.
In the mid-2010s, sophisticated BEC schemes targeting corporations and other organisations began to gain traction.
It was also around this time that ransomware attacks, in which hackers penetrate networks and encrypt data, began to increase in regularity and severity.
Both BEC scams and ransomware attacks have been mostly addressed as a law enforcement issue for years. That remains true for BEC attacks, but ransomware has emerged as a major national security concern following a number of disruptive attacks on critical infrastructure, such as the one last year against America’s largest fuel pipeline, which resulted in gas shortages on the East Coast.