Business Email Compromise
The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the Man-in-the-E-mail Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam. The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers.
The BEC is a global scam with subjects and victims in many countries. The IC3 has received BEC complaint data from victims in every U.S. state and 45 countries. From 10/01/2013 to 12/01/2014, the following statistics are reported:
The FBI assesses with high confidence the number of victims and the total dollar loss will continue to increase.
The BEC scam is linked to other forms of fraud, including but not limited to: romance, lottery, employment, and the home/vacation rental scams. The victims of these scams are usually U.S. based and may be recruited as unwitting “money mules.” The mules receive the fraudulent funds in their personal accounts and are then directed by the subject to quickly transfer the funds using wire transfer services or another bank account, usually outside the U.S. Upon Direction, mules may sometimes open business accounts for fake corporations both of which may be incorporated in the true name of the mule.
The “Attorney Check Scam” is another type of fraud that is linked to the BEC scam in the following manner:
The victims of the BEC scam range from small to large businesses. These businesses may purchase or supply a variety of goods, such as textiles, furniture, food, and pharmaceuticals. This scam impacts both ends of the supply chain, as both supplies and money can be lost and business relations may be damaged.
It is still largely unknown how the victims are selected; however, the subjects monitor and study their selected victims prior to initiating the BEC scam. The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc). Some victims reported being a victim of various Scareware of Ransomware cyber intrusions, immediately preceding a BEC scam request.
VERSIONS OF THE BEC SCAM
Based on IC3 complaints and other complaint data received since 2009, there are three main versions of this scam:
A business, which often has a long standing relationship with a supplier, is asked to wire funds for an invoice payments to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is receive, it will closely mimic a legitimate request. This particular version has also been referred to as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.”
The e-mail accounts of high-level business executives (DFO, CTO, etc) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This particular version has also been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
An employee of a business has his/her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal e-mail to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they are contact by their vendors to follow p on the status of their invoice payment.
CHARACTERISTICS OF BEC COMPLAINTS
The IC3 has noted the following characteristics of BEC complaints:
SUGGESTIONS FOR PROTECTION
The IC3 suggests the following measures to help protect you and your business from becoming victims of the BEC scam:
We offer many different options, some as affordable as $1.50 per month, to help protect your email accounts. For more information on this, or any of our services, please visit our website at techiibuisness.wpengine.com, or give us a call at (518) 587-1565.
Click here for original article from FBI website.