Business Email Compromise Grows Wild as Companies of All Sizes Fall Victim to Spoofed Emails
- These fraud scams have caused organizations across the world to lose more than $26 billion between June 2016 and July 2019.
- A BEC scam is usually carried out by compromising legitimate business or personal email accounts.
Business Email Compromise (BEC) has cost enterprises a staggering amount of money. According to FBI reports, such fraud scams have caused organizations across the world to lose more than $26 billion between June 2016 and July 2019.
Modus operandi of BEC scam
A BEC scam is usually carried out by compromising legitimate business or personal email accounts. This is done by using social engineering techniques or by gaining unauthorized access to victims’ computers.
One of the significant social engineering techniques involves sending victims spoofed emails that contain alerts, warnings or documents. The recipients believe the emails to be real and transfer the money to the hackers’ accounts.
Falling victim to BEC scams
The simple and fool-proof BEC scam has not spared even the big IT giants, leading to losses of millions of dollars. Here’s a look at some of the big losses:
- A Lithuanian man managed to trick Google and Facebook into transferring $123 million into a bank account under his control. The culprit posed as a company named Quanta Computer - that provided the internet giants with hardware for their data centers - and sent emails to the firms with forged invoices and fraudulent contracts.
- Toyota Boshoku Corporation, a subsidiary of the Toyota Group, suffered a loss of $37.3 million in a BEC scam. In August 2019, the firm was duped into making a large fund transfer outside the company. Following this, Toyota Boshoku established a team of legal professionals and launched an investigation into the incident.
- France’s leading independent film group, Pathe, lost $22 million in a BEC scam that targeted its Dutch office. The fraud scam was carried out in March 2018 using several emails that pretended to be from the personal account of Pathe CEO Marc Lacan. Following this loss, the CEO and finance director of the company were sacked.
- A leading children’s charity, ‘Save the Children Federation’, was conned into sending $1 million to a fraudster’s bank account. The attacker managed to compromise an employee’s email account and from there sent fake invoices and other documents designed to trick the organization.
Taking the scam one level up
While scams through spoofed emails continue to be rampant across all types of sectors, cybercriminals have come up with a new technique to trick victims. In a first-of-its-kind vishing attack, fraudsters have been found using AI-based voice-generating software to trick employees. This has caused a UK-based energy firm to lose around $243,000.