Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Spam Campaign Business E-mail Compromise Pilfers $215 Million

    By
    SEAN MICHAEL KERNER
    -
    January 23, 2015
    Share
    Facebook
    Twitter
    Linkedin
      spam

      The FBI and the Internet Crime Complaint Center (IC3) are warning of a spam email campaign known as the Business E-mail Compromise (BEC) that has resulted in the global victim dollar loss of $215 million so far.

      The IC3 alert, which was issued on Jan. 22, provides statistics on the impact of the BEC campaign for the period of Oct. 1, 2013, to Dec. 1, 2014. During that period, the IC3 received complaints about BEC from 45 countries, with a combined victim count of 2,126. In the United States alone, the IC3 said there were 1,198 victims.

      While victims in the United States represented 56 percent of all BEC victims globally, they accounted for 84 percent of the financial losses. In terms of financial losses, the BEC campaign has resulted in U.S. victim financial losses of $180 million, while the total non-U.S. victim dollar loss has been $35 million.

      “The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments,” the IC3 warned in its advisory.

      The IC3 advisory warns of multiple BEC variants that trick unsuspecting companies into sending money to the attackers. One version of BEC asks a business to send a wire transfer to a supplier with whom the business already has a working relationship. The wire transfer account is, in fact, a fraudulent account.

      “This particular version has also been referred to as ‘The Bogus Invoice Scheme,’ ‘The Supplier Swindle,’ and ‘Invoice Modification Scheme,'” the IC3 warned.

      In another variation of BEC, an employee’s personal email account is compromised, and then fraudulent requests for invoice payment are sent to vendors on the employee’s contact list.

      The BEC scam warning doesn’t come as a surprise to security experts contacted by eWEEK. Jonathan Spruill, senior security consultant at Trustwave, worked as a special agent in the U.S. Secret Service for nine years and has seen these kinds of scams before.

      Spruill said that the dollar impact doesn’t surprise him either, with attackers able to steal approximately $150,000 per victim. “It is likely within the range of what a criminal thinks they can con the victim into sending without raising suspicion,” Spruill told eWEEK.

      Eric Cowperthwaite, vice president of advanced security and strategy at Core Security, isn’t surprised by the IC3’s BEC warnings either.

      “This is why I trained all of the executives about email attacks and scams and whaling attacks when I was CISO at Providence Health and Services,” Cowperthwaite told eWEEK.

      What did surprise Cowperthwaite was that U.S. losses were only $180 million. “This has been going on a long time; there are a lot of companies that have fallen victim to this,” he said.

      As to why the BEC scam is successful, Spruill said a conveyed sense of urgency, threat of legal action or other phraseology drives the victim to comply with the criminal’s request.

      Best Practices

      The financial impact of BEC can be devastating to a company, but there are a number of proactive steps organizations can take to limit the risk. Spruill suggested that the old adage of “If it sounds too god to be true, it probably is” would prevent many from being victimized.

      “It never hurts to verify the authenticity of a message and the true intentions of the purported sender if there is any doubt,” Spruill said. “Using a technology product like a secure email gateway may help prevent the spoofed sender variety of these messages, and using digitally signed email may also help.”

      Cowperthwaite said that hardening organizations against BEC and similar attacks is an ongoing problem. He suggests that executives be trained to recognize potential attacks. There should also be accounting controls in place to limit risk.

      “Finance should establish policy requiring two executives to independently authorize wire transfers above a specific amount,” Cowperthwaite suggested. “The amount should be based on the risk tolerance of the company—i.e., how much financial loss can they tolerate versus the inconvenience of requiring two signatures.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×