FBI says $43Bn losses are due to BEC fraud
By MYBRANDBOOK
The FBI released a public service announcement revealing that business email compromise (BEC) attacks caused domestic and international losses of more than $43 billion between June 2016 to December 2021, with a 65% increase in losses between July 2019 and December 2021.
BEC or email account compromise are an advanced scamming technique that targets both employees and business and the businesses they work for. The scam includes social engineering as a means to compromise a legitimate business or personal email account or to perform an unauthorized transfer of funds.
The scam is not yet always associated with a money transfer, as one variation of the fraud involves compromising legitimate business email accounts and requesting employees personally identifiable information, Wage and Tax Statement (W-2) forms or even cryptocurrency wallets.
The FBI’s Internet Crime Complaint Center (IC3) feedback of this scam reveals two different modus operandi. The direct transfer method mirrors the traditional pattern of BEC incidents from the past. A cybercriminal sends altered wire information to the victim, and social engineers him or her to send a payment to a cryptocurrency custodial account controlled by the bad actor.
The second method is called the second-hop transfer in which the fraudsters make use of other cybercrime victims. The bad actor sends altered wire instructions to a victim, so that he or she sends payment to a second victim whose PII is owned by the attacker. The funds are then moved to a cryptocurrency account controlled by the cybercriminal, who can then cash it out the way they want.
Following measures can be followed for protection against BEC frauds:
· Use secondary channels or multi-factor authentication to verify requests for changes in account information. Make100% sure that the change request comes from a legitimate person.
· Ensure that the email is legitimate. If there are attached files, use malware analysis sandboxes and products to be sure the file is not malicious. Once again, ask for a manual inspection by IT security staff.
· Do not send PII information via email, especially login credentials. Be aware that most requests for such information by email are fraud attempts, even if it seems to come from a legitimate trusted entity.
· Monitor all financial accounts of the company on a regular basis for irregularities, especially missing deposits.
· Have all the software and operating systems up to date. In some cases, BEC cybercriminals might attempt to infect computers with malware, generally stealers.
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
Technology Icons Of India 2023: Ajit Balakrishnan
The Company markets specific channels, community features, local langu...
Technology Icons Of India 2023: Bharat Goenka
Bharat Goenka is the Managing Director of Tally Solutions. He is well ...
Technology Icons Of India 2023: Dr. Sanjay Bahl
Sanjay Bahl is currently with the Indian Computer Emergency Response T...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
BEL leveraging next generation technologies to keep the country ahead in Defence space
Bharat Electronics Limited (BEL) is a Navratna PSU under the Ministry ...
DRDO is India's largest and most diverse research organisation
DRDO is the R&D wing of Ministry of Defence, Govt of India, with a vis...
INFLOW TECHNOLOGIES PVT. LTD.
Inflow Technologies is a niche player in the IT Infrastructure Distrib...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...