September.04.2015
In March, we reported on the Business E-mail Compromise (BEC) scam where criminals target employees responsible for wiring company money, and trick them into wiring money under false pretenses to fraudulent accounts controlled by the criminals. In recent months, the FBI has identified a new trend in the BEC scam, and a similar emerging scheme that primarily targets employees from spoofed email accounts (E-Mail Account Compromise or EAC). The FBI estimates that these scams have claimed over 8,000 victims and resulted in losses totaling nearly $800 million since October 2013. This reflects a 4x increase from our initial report in March, when the figures attributable to this scam stood at roughly 2,000 victims and $215 million in losses.
The alarming growth rate and success of this fraud require that all companies and organizations -- regardless of their business or size -- take notice of these accelerating trends and implement appropriate counter-measures to avoid falling victim. Previously, there were three fact patterns of common BEC fraud:
As is typical, the criminals have evolved and adjusted their BEC strategy and are now posing as a company lawyer or advisor handling a highly time-sensitive and confidential matter. The fraudster pressures the employee to transfer funds secretly and quickly, usually near the end of the business day or work week (timed to coincide with the closing of international financial institutions). In the closely related EAC fraud scheme, criminal actors create a spoofed e-mail account that contains slightly modified characters but very closely resembles a legitimate e-mail address (and domain) known to the employees. The criminal actor then uses the spoofed e-mail account to initiate a request for an unauthorized wire transfer.
As criminals adapt and develop more sophisticated schemes, companies and organizations should likewise adjust their counter-measures (we previously reported on basic considerations here):
Review your intrusion detection system (IDS) rules to flag e-mails whose sender domain is similar to your company’s e-mail domain. For example, if the legitimate e-mail domain is abc_company.com, flag all e-mails from abc-company.com.
More information about the fraud is available from the Internet Crime Complaint Center (IC3), a partnership of the FBI and the National White Collar Crime Center.