74 people arrested for participating in Business Email Compromise schemes
The United States Department of Justice reported about arresting 74 people who were involved in Business Email Compromise (BEC) scam and swindled millions of dollars from people. However, authorities seized nearly $2.4 million and recovered nearly $14 million in fraudulent transfers.
Different versions of the scam aimed at businesses, employees and regular home computer users. Though, attackers usually target less skilled or elder users and trick them into transferring the money or revealing sensitive information.
The U.S authorities and various institutions, such as U.S. Attorneys' Offices, the Secret Service, Postal Inspection Services, Homeland Security Investigations, the Treasury Department, as well FBI and international law enforcement have been working together for six months in order to catch criminals.
Eventually, on June 11, 74 criminals were reported to be arrested. 42 of them were from the United States, 29 from Nigeria and the rest from Canada, Mauritius, and Poland.
BEC scams aim at business and individual people
Business Email Compromise scams are also known as cyber-enabled financial fraud which usually aims at small and large companies. Criminals usually send a phishing email to the employee that has access to the financial or sensitive information of the company.
BEC scams may involve fraudulent requests for checks rather than wire transfers; they may target sensitive information such as personally identifiable information (PII) or employee tax records instead of, or in addition to, money; and they may not involve an actual “compromise” of an email account or computer network. [Source: The U.S Department of Justice]
However, scammers do not bother to reach individuals too. Their targets might be from real estate purchasers to the elder people. Typically, attackers use social engineering techniques and trick users into transferring money to their account or revealing personal information.
Business Email Compromise scams have many different shapes and forms. However, they might be related to the other popular forms of hoaxes, such as:
- Romance scams;
- Employment opportunities scams;
- Fraudulent online vehicle sales scams;
- Rental scams;
- Lottery scams.
The growth of scams encourages to add an extra layer of security to avoid phishing attacks in the company
BEC scams keep growing during the past couple of years. Unfortunately, there’s no hope that the situation would change in a positive way in the future. Though, it’s important to invest in employees education and educate yourself about possible tricks that scammers usually use.
Criminals do their homework before sending phishing email. They create spoofed emails that have only a minimal difference. For instance, if a legitimate company’s email address looks like firstname.lastname@example.org, criminals might send an email from email@example.com.
Indeed, such minor changes might be hard to notice. However, everyone has to be very attentive nowadays to avoid losing the money or personal information. Companies should also add additional rules to make money transactions more complicated, for instance, make a phone call in order to confirm the transaction. Or apply two-factor authentication by another employee.
Double-checking always helps. Hence, anyone from the corporate or NGO worker from regular home computer users should get used to being very attentive with received emails in order not to become another victim of the scam.