Over the past three years, Business Email Compromise (BEC) schemes have caused at least $5.3 billion in total losses to approximately 24,000 enterprises around the world, according to the latest figures from the FBI. Since January 2015, there has been a 2,370% increase in identified exposed losses, amounting to an average loss of $218,000 per victim. The potential damage and effectiveness of these campaigns compelled the FBI to issue a public service announcement detailing how BEC scams work and how much damage they can cause to targeted employees and companies.
Billion-Dollar Scams: The Numbers Behind Business Email Compromise
How do BEC Schemes work?
The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments. Formerly known as the Man-in-the-Email scam, BEC typically starts when business executives’ email accounts are compromised and spoofed, with the fraudster sending emails to an unknowing employee instructing them to wire large sums of money to foreign accounts.
While some cases involve the use of malware, BEC schemes are known for relying purely on social engineering techniques, making them very hard to detect. Recent incidents showed how employees were duped by emails masquerading as legitimate messages coming from company executives asking for information.
The BEC scam has five versions:
Version 1: The Bogus Invoice Scheme
Version 2: CEO Fraud
Version 3: Account Compromise
Version 4: Attorney Impersonation
Version 5: Data Theft
Which countries are most affected by BEC Schemes
Which company positions are most faked in BEC Schemes
BEC schemes bank on social engineering techniques that involve posing as an employee of the target company. Based on monitoring of emails used for BEC schemes, cybercriminals most often use the position of the CEO in their attacks. The cybercriminals send emails posing as the company CEO and instruct their target to make money transfers. Other company positions seen used for BEC schemes are the company president and managing director.
Which company positions are most targeted in BEC Schemes
Employees from companies’ finance departments are found to be the most targeted by BEC schemes. The CFO, or Chief Finance Officer, was found to be the most targeted position in our monitoring. This makes sense, considering that these employees are most likely the ones in charge of tasks such as transferring funds to other parties.
What email subjects are most used in BEC Schemes
Despite the great impact BEC schemes have created, analyzing the flow of the attacks reveals that their components are surprisingly trivial. Analysis of the email subjects used in BEC schemes revealed that most are simple and vague, at times composed of only one word. However, the fact that such techniques are effective proves that the scammers know their targets well enough to elicit action.
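The pattern described in the last three sections (an executive's name on the From line, a finance employee as the recipient, a one-word subject, and a request to move money) is easy to express as a mail-gateway triage rule. The script below is an added example, not Trend Micro's code or part of the original infographic; the company domain, the executive list, and both sample messages are constructed for illustration, and it assumes the receiving mail server stamps an `Authentication-Results` header with the DMARC outcome.

```python
"""Heuristic triage of inbound mail for executive-impersonation (BEC) patterns.
Organisation profile and sample messages below are constructed for this example."""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumed company domain
# Assumed executives whose names scammers would borrow (see "positions most faked" above).
EXECUTIVES = {"jane doe": "CEO", "john roe": "CFO", "alice smith": "President"}
PAYMENT_TERMS = ("wire", "transfer", "payment", "invoice", "urgent", "bank details")


def normalise(name):
    """Lower-case a display name and drop punctuation so 'Jane DOE.' matches 'jane doe'."""
    return re.sub(r"[^a-z ]", "", name.lower()).strip()


def looks_like_internal(domain):
    """Crude lookalike check: undo common homoglyph swaps (rn->m, 1->l, 0->o)
    or spot the company name embedded in a different registered domain."""
    if domain == INTERNAL_DOMAIN:
        return False
    folded = domain.replace("rn", "m").replace("1", "l").replace("0", "o")
    return folded == INTERNAL_DOMAIN or INTERNAL_DOMAIN.split(".")[0] in domain


def triage(raw):
    """Return {'verdict': ..., 'findings': [...]} for one RFC 822 message string."""
    msg = message_from_string(raw, policy=default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain",))
    text = (subject + " " + (body.get_content() if body else "")).lower()
    auth = str(msg.get("Authentication-Results", "")).lower()

    identity, content = [], []  # who the mail claims to be vs. what it asks for
    role = EXECUTIVES.get(normalise(display))
    if role and domain != INTERNAL_DOMAIN:
        identity.append(f"display name matches our {role} but sender domain is {domain}")
    if looks_like_internal(domain):
        identity.append(f"sender domain {domain} resembles {INTERNAL_DOMAIN}")
    if reply_domain and reply_domain != domain:
        identity.append(f"Reply-To domain {reply_domain} differs from From domain")
    if domain == INTERNAL_DOMAIN and "dmarc=pass" not in auth:
        identity.append("claims our domain but the receiving MTA recorded no DMARC pass")

    hits = [t for t in PAYMENT_TERMS if t in text]
    if hits:
        content.append("payment language: " + ", ".join(hits))
    if hits and len(subject.split()) <= 2:
        content.append(f"vague subject {subject!r} on a payment request")

    if identity and content:
        verdict = "suspicious"   # impersonation signal AND a money request: quarantine for review
    elif identity or content:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": identity + content}


# Constructed sample: CEO-fraud style message from a lookalike domain ("rn" for "m").
SAMPLE_CEO_FRAUD = """\
From: Jane Doe <jane.doe@exarnple.com>
To: Bob Finance <bob@example.com>
Reply-To: jane.doe@freemail.invalid
Subject: Request
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=exarnple.com; dmarc=none
Content-Type: text/plain

Bob, I need you to process an urgent wire transfer today. Send the bank details form back to me.
"""

# Constructed sample: ordinary internal mail from the same executive, DMARC-aligned.
SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: Bob Finance <bob@example.com>
Subject: Q3 budget review meeting notes
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass header.from=example.com
Content-Type: text/plain

Attached are the notes from Tuesday's review. No action needed before Friday.
"""

if __name__ == "__main__":
    for label, sample in (("ceo-fraud", SAMPLE_CEO_FRAUD), ("legit", SAMPLE_LEGIT)):
        result = triage(sample)
        print(label, "->", result["verdict"])
        for finding in result["findings"]:
            print("   ", finding)
```

The identity checks and the content checks are kept separate on purpose: a wire-transfer request from a properly authenticated internal address is normal finance traffic, and an external lookalike domain with no money request is worth a look but not a block. Only the combination the infographic describes scores as suspicious, which keeps the rule useful on a real mail stream without burying the SOC in alerts.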
What are the cybercriminal tools used in BEC Schemes
The tools used in BEC schemes are another indicator of how easy it is for cybercriminals to launch such an attack. Most malware used in BEC schemes is off-the-shelf, variants that can be easily purchased online for a cheap price. Some malware can be bought for as much as $50, while some is far cheaper, or even available for free.
Incidents in 2014 showed how cybercriminals went beyond common attack methods to steal information. In the campaigns that used Predator Pain and Limitless, the emails sent to targets carried a keylogger that sends information back to the cybercriminal. Similarly, in June 2015, two Nigerian cybercriminals preyed on SMBs using a simple keylogger called HawkEye. Another BEC campaign, reported in March 2016, targeted 18 companies in the United States, Middle East, and Asia using Olympic Vision, a simple keylogger available online for $25.
[Update: INTERPOL arrests Nigerian mastermind behind multiple BEC, 419, and romance scams]
By March 2016, a growing number of corporations and businesses had fallen for similar schemes. Companies like Seagate and Snapchat were among the high-profile businesses victimized by email scams using the same modus operandi.
How can you defend your company from BEC?
Businesses are advised to educate employees on how BEC scams and other similar attacks work. These schemes do not require advanced technical skills, use tools and services widely available in the cybercriminal underground, and need only a single compromised account to steal from a business. As such, here are some tips on how to stay safe from these online schemes:
BEC Components and What You Can Do About them
SOCIAL ENGINEERING
InterScan Messaging Security Virtual Appliance, as part of Trend Micro User Protection solutions, offers enhanced social engineering attack protection that provides protection against socially-engineered emails used in BEC attacks.
MALWARE
Endpoint security capabilities in Trend Micro User Protection and Network Defense solutions can detect advanced malware and other threats used in Business Email Compromise schemes.
BEC-related items
- Piercing the HawkEye: How Nigerian Cybercriminals Used a Simple Keylogger to Prey on SMBs
- From Cybercrime to Cyberspying: Using Limitless Keylogger and Predator Pain
- Battling Business Email Compromise Fraud: How Do You Start?
- Olympic Vision Business Email Compromise Campaign Targets Middle East and Asia Pacific Companies
- US and European companies Top Targets of CEO Fraud
- Security 101: Business Email Compromise (BEC) Schemes