Taking Back the ID

Business email compromise fraud

$5 billion and growing

According to an International Business Times report posted by A. J. Dellinger on June 13, Southern Oregon University lost $1.9 million in a business email compromise scheme. (See Fraudulent Email: Business Email Compromise Attack Costs Southern Oregon University $2M.) The money was intended to pay a contractor for his work on the university’s McNeal Pavilion and Student Recreation Center. Fraudsters posing as the contractor used a fraudulent email account to trick an employee into wiring the funds to their account.

It’s big and expanding rapidly

This case is an example of the business email compromise (BEC) scam that has ravaged businesses throughout the world for the past few years and caused financial losses in the billions of dollars. Organized crime groups are mainly responsible, but anybody can commit the fraud. According to a Feb. 17 alert from the FBI, here are two of the online tools they use to target their victims:

  • “Spoofing email accounts and websites: Slight variations on legitimate addresses (john.kelly@abccompany.com vs. john.kelley@abccompany.com) fool victims into thinking fake accounts are authentic. The criminals then use a spoofing tool to direct email responses to a different account that they control. The victim thinks he is corresponding with his CEO, but that is not the case.
  • “Spear-phishing: Bogus emails believed to be from a trusted sender prompt victims to reveal confidential information to the BEC perpetrators.”

This sophisticated scam targets businesses that typically pay bills via wire payments. Included in the BEC scam is the email account compromise (EAC) component that targets individuals who are responsible for wire transfer payments for a business.

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.