Business Email Compromise Continues to Plague

It seems that an annual jaunt through the success cybercriminals are having with business email compromise (BEC) and fleecing money from companies, organizations and governmental entities is a requirement. Last year we asked the question, “Are you vulnerable to BEC fraud?” defining BEC and sharing with you the activities of the FBI to thwart the cybercriminals. The key takeaway in 2018 was that cybercriminals were targeting individuals with fiscal authority. And, based on information released from the Department of Treasury, the criminals were having a well-paid field day. Things have changed a bit as we write this in July 2019.

Now we learn from the Financial Crimes Enforcement Network (FinCEN) that the criminals continue to be extraordinarily well-paid. We also learn that the manufacturing and construction sectors are the top targets for business email compromise, according to the July 2019 “Financial Trends Analysis.”

The report shows that 1,100 suspicious activity reports described business email compromise in 2018. Of those 1,100 reports, 20% targeted manufacturing and construction, which saw an increase of 6% to 18% of incidents targeting commercial services (FinCEN defined commercial services as shopping centers, entertainment facilities, and lodging).

The amount of loss is estimated at $310 million per month, a $200 million increase from 2016.

If there was any doubt that criminals are bent on compromising the communications of businesses, organizations and governments to induce an employee to execute on a fraudulent financial request, this should put a damper on the idea that certain businesses are impervious.

Signs of BEC

In 2017, according to the analysis, 33% of all the scams included an impersonation of the CEO. That number fell to 12% in 2018, though impersonating an outside entity captured 20% of the incidents in 2018 (it was unrecorded in 2017). This is indicative of the cybercriminals adjusting their methodologies to avoid fitting the pattern of activity being described in law enforcement warning memos.

Where every organization needs to pay attention is in the processing and execution of vendor or client invoices. The 2018 analysis showed fraudulent invoices accounted for 39% of all suspicious activity reports. The average dollar value of each instance of invoice fraud was $125,439, which is larger than those instances where a CEO or CFO is impersonated—in those cases, cybercriminals reaped on average $50,272.

Check and double-check all incoming invoices to ensure they are legitimate. When contacted by your management team, have a means of validating any request involving the transfer of money that does not rely on the channel through which the original request was made. A request for the executive to call into the office to validate, for example, will evoke from cybercriminals either a tirade, in the hope of inducing acquiescence, or crickets.

What Victims Should Do

The FinCEN’s Rapid Response Program was created for the purpose of investigating these crimes and has the capability to claw back funds. Since 2014, the Rapid Response Program has recovered over $500 million in stolen funds. For more information on the program, contact FinCEN at [email protected]. Reporting the loss of funds rapidly will assist the FinCEN in collaboration with law enforcement and enable FinCEN to freeze the account.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.
