FinCEN BEC attacks report: Analysis

Introduction

The Financial Crimes Enforcement Network (FinCEN) is a U.S. government institution responsible for collecting and analyzing financial information with the aim of combating financial crimes. In 2016, FinCEN issued an advisory to financial institutions on business email compromise (BEC) fraud. On the 16th of July 2019, FinCEN updated the 2016 advisory.

In this article, we’ll examine the five main points of the updated advisory, namely, (i) the changes in the operational definitions of email compromise fraud, (ii) the inclusion of references to other victims of BEC, (iii) new information about trends in the field of BEC, (iv) a description of the business processes that are vulnerable to BEC fraud and (v) a detailed examination of the opportunities for information sharing related to BEC fraud. These five points are discussed in more detail below.

Changes in the operational definitions

In the updated advisory, FinCEN broadened the definitions of email compromise fraud to include a variety of entities that may become fraud victims and a variety of payment methods that can be used to transfer funds to fraudsters. For example, the amended definitions cover not only wire transfers, but also cryptocurrency payments, automated clearing house (ACH) transfers and transfers of gift cards.

The amended definitions may be included by financial institutions in their Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) frameworks.

The inclusion of references to other victims of BEC

The updated advisory states that, besides companies, victims of BEC may also include governments, educational institutions and financial institutions.

BEC attacks on governments (both local and foreign) mostly target email accounts used to operate payroll bank accounts and pension funds. Such attacks mainly rely on sending emails which look similar to emails from trusted …

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/rI6y-CxwPVk/