nstead of relying on high-skill technical methods, BEC scammers bank heavily on social engineering schemes, exploiting human nature to yield hefty gains. While the ubiquity of tech services in enterprise environments has prompted BEC scammers to impersonate Microsoft and Amazon in their display name deception tactics, they have continued to imitate high-ranking members of a company to intercept or divert money transfers. For 2018, data from Trend Micro™ Smart Protection Network™ security infrastructure shows that CEOs and Managing Directors/Directors are the most-spoofed executives.
To keep abreast of the landscape that BEC scammers are operating in, we look back on some of the noteworthy incidents and trends that made BEC a headline staple this year.
On top of losses due to the theft, Pathé incurred losses due to the legal dispute with the finance director. The former won and the court demanded Pathé to pay compensation, gross pension, and other emoluments.
he Australian Competition and Consumer Commission’s (ACCC) Scamwatch reported that the number of BEC scam incidents has increased by a third in 2018, with reported losses reaching AU$2.8 million dollars. The ACCC Deputy Chair noted that there is a misconception that BEC scammers target only small businesses, one that is debunked by the fact that Australian medium-sized businesses constituted the biggest numbers in reports and losses in the commission’s data.
Various organizations can be affected, from charities and local sporting clubs to real estate agents and the construction industry , with one losing more than AU$300,000.
BEC accounts for 63 percent of business losses reported to ACCC — a troubling figure that has prompted the commission to encourage Australian businesses to immediately review their process of verifying and paying accounts and invoices.
ybercriminals in Nigeria have been known for posing as people in financial need, online love interests, or generous princes. Now, they appear to be expanding their business by branching out to BEC schemes — a move that can potentially earn them hundreds of millions of dollars a year.Crowdstrike, which reported on the Black Axe gang , found that targets range from semiconductor makers to U.S. schools. Gang members impersonated executives and lawyers to lure victims into transferring huge sums of money to bank accounts. Their schemes seem to have paid off as they flaunt luxurious lifestyles on social media. Security researchers who have been tracking Nigerian cybercriminal gangs also note the gangs’ focus on social engineering, at times even using video calls . Once transferred, the defrauded money is laundered through bank accounts in China and other Asian countries.
aw enforcement agencies worldwide have been keeping a close watch on BEC scams due to the huge losses year on year since the FBI started recording in 2013. A testament to this is Operation WireWire, what is possibly the biggest crackdown on BEC scammers, which culminated in June. The major coordinated law enforcement initiative of the FBI, the Department of Justice, the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service, with the help of partner agencies in multiple countries, led to the arrest of 74 people in the U.S., Nigeria, Canada, Mauritius, and Poland. The operation disrupted fraudulent wire transfers, leading to the recovery of about US$14 million, and seized an additional US$2.4 million.The FBI Director, Christopher Wray, said the bureau will continue working with law enforcement agencies in other countries to stop fraud schemes like BEC and protect citizens’ assets.After Operation WireWire, more arrests and indictments were made. In the same month, eight people were arrested for involvement in an Africa-based BEC conspiracy which swindled individuals and companies alike of US$15 million in a span of six years. In August, a man was arrested in Los Angeles for allegedly using six different false identities to open 23 bank accounts for fraudulent wire transfers. In one instance, his accomplice sent spoofed emails to a victim, leading to the transfer of US$531,981 to an account of a woman, who, in turn, transferred $60,000 to one of his fraudulent accounts.
n our security predictions for 2019 , apart from high-ranking company members, we predict that BEC scammers will target employees further down the company hierarchy, for example, secretaries or executive assistants. Because of its crafty nature — and human nature — usual cybersecurity best practices and solutions may be rendered futile. But there are security technologies available now that can help users and organizations avoid falling for it. Writing Style DNA , which is used by Trend Micro Cloud App Security™ (CAS) and ScanMail™ Suite for Microsoft® Exchange™ (SMEX) , can help detect email impersonation tactics used in BEC and similar scams. It uses artificial intelligence (AI) to recognize the DNA of a user’s writing style based on past emails and then compares it to suspected forgeries. The technology verifies the legitimacy of the email content’s writing style through a machine learning model (ML) that contains the legitimate email sender’s writing characteristics. When an email is suspected of spoofing high-profile users or their subordinates, the writing style is compared to a trained ML model and a warning is sent to the implied sender, the recipient, and the IT department.
To minimize the risk of BEC, addressing the human factor is critical. Cybersecurity awareness training and enforcing best practices against email threats can help stop scammers in their tracks. These, when supported by advanced security technologies (for example, Writing Style DNA) that interoperate with other security layers, build an effective defense against BEC scams and other cyber-enabled threats.
Like it? Add this infographic to your site:1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets. View the report
The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape. View the 2020 Annual Cybersecurity Report
sell cvv online joker cvv shop