FinCEN: BEC far worse than previously believed
FinCEN Advisory: FIN-2019-A005 |
The FBI’s Internet Crimes Complaint Center (IC3.gov) has previously called BEC a $12 Billion Scam. As we shared in April in our post IC3.gov: BEC Compromises and Romance Fraud 2018, IC3.gov documented that during calendar 2018 $1.2 Billion was stolen from 19,140 companies just in the United States. That averages out to $3.3 Million being stolen each day with 52 U.S.-based businesses falling victim each day. But the IC3.gov reports are based on actual reports received from victims who fill out a Complaint Form on the IC3.gov website. We strongly encourage victims to report at IC3.gov, as it offers the ability to provide many additional investigative details.
Victims are STRONGLY encouraged to report at IC3.gov! |
The FinCEN approach was able to use a different intelligence source to gather their numbers and what they found was far worse than what the FBI has reported. From October 2013 until May 2018, the FBI’s IC3.gov gathered reports of $12 Billion in fraud, from all sources, both domestically and internationally. FinCEN’s previous BEC advisory shared that from 2013 to 2016, FinCEN had identified 22,000 cases of Business E-mail Compromise and E-mail Account Compromise with $3.1 billion in losses, or roughly $1 Billion per year. The September 6, 2016 advisory was “Advisory to Financial Institutions on E-Mail Compromise Fraud Schemes [FIN-2016-A003]“. FinCEN’s current advisory states that the new information is complementary to the 2016 advisory, and that the 2016 advisory contains many important details that will still be helpful to consumers and business account holders alike.
United States Businesses and Consumers have suffered $9 Billion in BEC Fraud Attempts since September 2016!
By comparison, FinCEN reports that JUST SINCE September 2016 they have been able to document 32,000 cases of attempted theft via BEC fraud schemes totaling $9 Billion in theft attempts. The rate of loss has increased by three-fold! $9 Billion since September 2016 is approximately $8.7 MILLION DOLLARS PER DAY!!!
Some of the current top trends include:
Top Sectors Targeted in BEC:
1. Manufacturing and construction (25% of all cases)
2. Commercial services (18% of all cases)
3. Real Estate (16% of all cases)
The impersonation of top executives is still a major method of social engineering in these email attacks. 50% of attacks use an email claiming to be a CEO or President of the company.
Other Top Targets by Value in BEC:
1. Governments – many governments have been targeted, especially small municipal government offices. Targets often include pension funds, payroll accounts, and contracted services (which may be matters of public record.) Vendor impersonation in the latter case is especially prevalent.
2. Educational Institutions – Just in 2016 – 160 incidents attempted to steal $50 million from educational institutions, and while in 2017, only 2% of attacks were against schools, the dollar value was far higher than average. Tuition payments, endowments, grants, and renovation and construction costs are all high value transactions often conducted online. Again, watch for vendor impersonation! Large-scale construction and renovation projects are often publicly announced, attracting scammers to the same projects.
3. Financial Institutions – while not a high percentage by sector, the attempted theft against FIs themselves often includes very high dollar values. These often come in the form of SWIFT payment requests (used in international wire transfers.)
The First Hop is Domestic
While previous advisories mentioned that money is often sent overseas, it is important to understand that the INITIAL transfer of funds will likely stay domestic. A person recruited as a money mule will often have opened the intermediary account in their own name or the name of a fraudulent business they have created for the purpose. AFTER the first hop, the money still is likely to quickly move to China, Hong Kong, the United Kingdom, Mexico, or Turkey. Often these money mules are recruited through Romance Scams, however others join willingly knowing they are going to earn a commission helping to launder money for criminals. This quick “wire in – wire out” is referred to in the criminal world as “wire-wire jobs” and is the inspiration of the FBI and USSS’s “Operation: Wire Wire” that we blogged about in a series of articles in June of 2018:
- 74 (Mostly Nigerians) Arrested in Business Email Compromise Action
- Operation Wire Wire: The South Florida Cases, Part 1
- Operation Wire Wire: the South Florida Cases Part 2
- Operation Wire Wire: the South Florida Cases Part 3
https://www.fincen.gov/sites/default/files/shared/314bfactsheet.pdf |
WHAT SHOULD WE SHARE?
- a) Email auto-forwarding
- b) Inbox sweep rules or sorting rules set up in victim email accounts
- c) A malware attack
- d) The authentication protocol that was compromised (i.e., single-factor or multi-factor, one-step or multi-step, etc.)
*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner, UAB. Read the original post at: http://garwarner.blogspot.com/2019/07/fincen-bec-far-worse-than-previously.html