Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

FBI – Crooks sought to steal over $3 billion through BEC scams

The FBI disclosed the data related Business e-mail compromise (BEC) crimes, hackers sought to steal over $3 billion through this illegal practice. Business e-mail compromise – BEC crimes are a serious problem for companies, hackers have sought to steal more than $3.1 billion from businesses exploiting this practice, the Federal Bureau of Investigation recently warned. The […]

FBI – Crooks sought to steal over $3 billion through BEC scams

The FBI disclosed the data related Business e-mail compromise (BEC) crimes, hackers sought to steal over $3 billion through this illegal practice.

Business e-mail compromise – BEC crimes are a serious problem for companies, hackers have sought to steal more than $3.1 billion from businesses exploiting this practice, the Federal Bureau of Investigation recently warned.

The data are even more worrisome if we consider the increment of BEC crimes observed in the last year, according to the FBI losses represent a 1,300 percent increase since January 2015.

Last update on data related BEC scams was shared by the FBI in an alert issued in April 2016, according to the Bureau, the cyber criminals have stolen more than $2.3bn from 17,642 victims since 2013 in BEC attacks. Each company has lost between $25,000 and $75,000 per attack.

What is a BEC scam?

“BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” reported the last Public Service Announcement (PSA). “Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.”

Scammers use to pretend to be executives that send emails to employees that tricked into thinking the messages are legit, hand over sensitive information to the attackers.

Olympic Vision Business Email Compromise Campaign BEC

The impact of such kind of scams could be dramatic, the Austrian engineering firm FACC which designs Airbus, Boeing aero parts lost about 50 million euros ($55 million) due to a BEC scam.

In May, the FBI issued the annual Internet Crime Complaint Center (IC3) report that indicates 7,838 victims reported the loss of more than $263 million.

Now the FBI has updated its data reporting 22,143 worldwide BEC victims representing $3.1 billion in losses since January 2015. In the US the FBI counted 14,032 U.S. BEC victims representing $961 million dollars in losses between October 2013 and May 2016.

The data is alarming for the US authorities, 88 percent of all worldwide victims being U.S.-based and 90 percent of losses coming from US businesses.

“The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses. The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.“ continues the PSA.

In order to avoid such kind of scams, the FBI recommends companies control the attack surface, carefully manage every corporate information is shared online, especially hierarchical information, job descriptions, and out of office details. Be suspicious of requests for secrecy or pressure to take action quickly. Consider additional IT and financial security procedures, including the implementation of

Let me close with statistics included in the PSA:

Domestic and International victims: 22,143
Combined exposed dollar loss: $3,086,250,090

The following BEC statistics were reported in victim complaints to the IC3 from October 2013 to May 2016:

Domestic and International victims: 15,668
Combined exposed dollar loss: $1,053,849,635
Total U.S. victims: 14,032
Total U.S. exposed dollar loss: $960,708,616
Total non-U.S. victims: 1,636
Total non-U.S. exposed dollar loss: $93,141,019

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Business e-mail compromise BEC , FBI)