An Insight Into the World of Business Email Compromise

You have probably come across different forms of scams that result in the fraudulent transfer of money. Although the scams involved are distinct, together they are grouped under the name business email compromise (BEC). The attackers use a variety of techniques to coordinate these transfers and hacks. BEC attacks accounted for huge losses for companies in the US in 2016.

Who do BEC attackers target the most?

BEC was previously known as the Man-in-the-Email scam. The attackers mostly target executives and companies that coordinate transactions involving large amounts of money. Because these targets conduct such business regularly, phishing activity or keyloggers planted by the BEC attackers mostly go unnoticed.

These attackers pose as executives or CEOs who are well versed in conducting wire transfers. Beforehand, they carefully monitor different organizations and mark their potential victims. They consider several factors and track the victims' movements. When they find the right moment, they lay their trap.

What are the types of BEC scams?

To date, people have identified five types of BEC scams. These include:

Bogus invoice scams

In this type of scam, the common targets are companies that have several foreign suppliers. Such companies find it difficult to keep track of the different invoices that arrive from these suppliers. The BEC attackers pose as one of the foreign suppliers, prepare a bogus invoice, and request funds with it. The victim company takes the invoice as genuine and pays the amount stated in it. Most of these companies deal in large orders, so the money involved is also large.

Posing as CEO

Some attackers impersonate the CEO of a company; any other executive position is also a target. Posing as the executive, they send emails to employees in the finance department asking for a transfer of funds. Sometimes they even hack into the real CEO's account to send the email. The employees transfer the money to the attackers' account without question because they trust their CEO. However, the fraud can be caught because the bank account details are different.

Hacked accounts

In this case, the attackers hack into an employee's or executive's email account. From that account, they ask different vendors to transfer funds against fraudulent invoice payments. They obtain the contacts of all the vendors, since these are listed in the account for easy future use. All the transferred money is then directed to fraudulent bank accounts. Because the email comes from a person with whom the vendors have a long-term association, the vendors tend not to double-check before transferring funds.

BEC attackers posing as attorneys

Attorneys and lawyers are some of the most trusted individuals in society. People often trust them with all their confidential matters. BEC attackers therefore sometimes pose as lawyers and attorney officials and ask victims for confidential information. This information includes company finances, bank account details, legal cases, etc.

The BEC attackers reach their victims through phone calls or emails. They target the end of business hours to create a sense of urgency. They mostly ask for immediate action, insisting that the work cannot be passed on to the next day. They are most active at the end of the business week. Under this urgency, the victims disclose important information without much scrutiny. As a result, it becomes a cakewalk for the BEC attackers to usurp their money and information.

Data theft

In this kind of hack, the BEC attackers target bookkeeping or HR employees to obtain data about other employees. This personally identifiable information, such as bank details and tax statements, is then stored for future use. They also target employees through this method.

One common place where this technique is used is online casinos. Players have to enter essential and confidential data about themselves to create their accounts, including their bank account information. Players might find that, in spite of winning money, their bank accounts are debited. Since a lot of money is involved in casinos, they are a happy hunting ground for BEC attackers.

For this reason, most players prefer not to disclose much banking information to the website. They prefer to use trusted third-party systems like PayPal for any kind of transaction. Eminent casino companies like Dominoqq have a high-security system to take care of the players' information. Choose casino websites like these if you want to play securely.

These are some of the ways BEC attackers make fraudulent transactions from victims' accounts. You can often spot them by their emails, since these frequently use common words like urgent, payment, transfer, request, etc. Because these emails do not contain any malware, malicious links, or attachments, they are not detected by traditional antivirus solutions. Companies must conduct training and awareness programs so that employees can spot and evade such scams.
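The warning signs described in this article can be checked mechanically before a payment request reaches the finance team. The following Python sketch is an added example, not part of the original article; the company domain, executive name, business hours and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed values for the organisation being protected (hypothetical).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}  # executive display names, lower-cased
KEYWORDS = {"urgent", "payment", "transfer", "request"}  # words the article names

# Constructed sample messages, not real mail.
SPOOFED = """\
From: Jane Doe <jane.doe@example.net>
Subject: Urgent payment request
Date: Fri, 14 Jun 2024 16:45:00 +0000

Please transfer the funds before close of business today.
"""
ROUTINE = """\
From: Sam Lee <sam.lee@example.com>
Subject: Lunch menu
Date: Tue, 11 Jun 2024 10:00:00 +0000

The cafeteria menu for this week is on the intranet.
"""

def bec_signals(raw):
    """Return the BEC warning signs found in one plain-text message."""
    msg = message_from_string(raw)
    signals = []
    # Executive display name on an address outside the company domain.
    name, addr = parseaddr(msg.get("From", ""))
    if name.strip().lower() in EXECUTIVES and addr.rpartition("@")[2].lower() != COMPANY_DOMAIN:
        signals.append("executive-name-external-domain")
    # Two or more of the pressure words in the subject or body.
    body = "" if msg.is_multipart() else msg.get_payload()
    words = set(re.findall(r"[a-z]+", f"{msg.get('Subject', '')} {body}".lower()))
    hits = sorted(KEYWORDS & words)
    if len(hits) >= 2:
        signals.append("pressure-keywords:" + ",".join(hits))
    # Sent late in the day (assumed 16:00-18:00, Date header's timezone) or on a Friday.
    try:
        sent = parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        sent = None
    if sent and (16 <= sent.hour < 18 or sent.weekday() == 4):
        signals.append("end-of-day-or-week")
    return signals
```

A message that raises several signals is a candidate for out-of-band verification of the bank account details, which is where the article notes the CEO scam can be caught.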

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.