FBI says $43Bn losses are due to BEC fraud


By MYBRANDBOOK


FBI says $43Bn losses are due to BEC fraud

The FBI released a public service announcement revealing that business email compromise (BEC) attacks caused domestic and international losses of more than $43 billion between June 2016 to December 2021, with a 65% increase in losses between July 2019 and December 2021.

 

BEC or email account compromise are an advanced scamming technique that targets both employees and business and the businesses they work for. The scam includes social engineering as a means to compromise a legitimate business or personal email account or to perform an unauthorized transfer of funds.

 

The scam is not yet always associated with a money transfer, as one variation of the fraud involves compromising legitimate business email accounts and requesting employees personally identifiable information, Wage and Tax Statement (W-2) forms or even cryptocurrency wallets.

 

The FBI’s Internet Crime Complaint Center (IC3) feedback of this scam reveals two different modus operandi. The direct transfer method mirrors the traditional pattern of BEC incidents from the past. A cybercriminal sends altered wire information to the victim, and social engineers him or her to send a payment to a cryptocurrency custodial account controlled by the bad actor.

 

The second method is called the second-hop transfer in which the fraudsters make use of other cybercrime victims. The bad actor sends altered wire instructions to a victim, so that he or she sends payment to a second victim whose PII is owned by the attacker. The funds are then moved to a cryptocurrency account controlled by the cybercriminal, who can then cash it out the way they want.

 

Following measures can be followed for protection against BEC frauds:

· Use secondary channels or multi-factor authentication to verify requests for changes in account information. Make100% sure that the change request comes from a legitimate person.

· Ensure that the email is legitimate. If there are attached files, use malware analysis sandboxes and products to be sure the file is not malicious. Once again, ask for a manual inspection by IT security staff.

· Do not send PII information via email, especially login credentials. Be aware that most requests for such information by email are fraud attempts, even if it seems to come from a legitimate trusted entity.

· Monitor all financial accounts of the company on a regular basis for irregularities, especially missing deposits.

· Have all the software and operating systems up to date. In some cases, BEC cybercriminals might attempt to infect computers with malware, generally stealers.

 

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org