Business Email Compromise Leads to $737,000 Transfer to China

The FBI classifies “phishing that leads to loss” as Business Email Compromise (BEC). In a recently released story that closely matches the BEC hack in Omaha I wrote about back in February, another company fell victim to a spearphishing attack in which an email that appeared to come from the CEO instructed an accountant to make a wire transfer of $737,000.00 and to expect a follow-up call from a lawyer who would have the account numbers to complete the transaction.

The scammers, believed to be members of organized crime groups from Africa, Eastern Europe, and the Middle East, primarily target businesses that work with foreign suppliers or regularly perform wire transfer payments. The scam succeeds by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques. Businesses of all sizes are targeted, and the fraud is proliferating.

When the CEO happened to call into a meeting the next day, the accountant, also in the meeting, told the CEO that the transaction was completed… that’s when this happened:

[Image: shfan]

The following BEC statistics were reported to the Internet Crime Complaint Center from October 2013 to August 2015:

• Total U.S. victims: 7,066
• Total U.S. exposed dollar loss: $747,659,840.63
• Total non-U.S. victims: 1,113
• Total non-U.S. exposed dollar loss: $51,238,118.62
• Combined victims: 8,179
• Combined exposed dollar loss: $798,897,959.25

 
