The FBI issued an alert yesterday regarding a “sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.”
According to the FBI, the scam, known as business email compromise (BEC), has netted cybercriminals over $3.1 billion so far. It is carried out by compromising legitimate business email accounts, through computer intrusion techniques or social engineering, in order to conduct unauthorized fund transfers.
“The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses,” said the FBI.
“The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.”
Victims of the scam report using wire transfers as a common method of transferring funds for business purposes, said the FBI. Some victims also say they used checks to make payments, and the cyber thieves generally use the payment method closely associated with the victim’s normal business practice.
The victims of the BEC scam range from small businesses to large corporations. They deal in a wide variety of goods and services, indicating that no specific sector appears to be targeted.
Some individuals reported being victims of various scareware or ransomware intrusions immediately preceding a BEC incident. These intrusions can initially be facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link.
When the victim clicks the link, malware is downloaded, giving the actor(s) unfettered access to the victim’s data, including passwords or financial account information. The FBI asked victims to notify the agency and file a complaint, no matter the size of the loss.