FBI arrests 74 in major crackdown on Business Email Compromise (BEC) attacks

FBI arrests 74 in major crackdown on Business Email Compromise (BEC) attacks

Phishing attack targeting financial organisations using SHTML file attachments

In a major success for law enforcement agencies against cybercrime groups that regularly carry out Business Email Compromise (BEC) attacks, the FBI arrested as many as 74 cyber criminals in just two weeks, 29 of whom were based in Nigeria, and another 42 were in the United States.

International cyber crime operation busted

The arrests took place following a six-month-long investigation that involved personnel from the FBI, the Department of Justice, the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service. The agencies were able to bust several cyber crime groups located in the United States, Nigeria, Canada, Mauritius, and Poland.

“A number of cases charged in this operation involved international criminal organizations that defrauded small- to large-sized businesses, while others involved individual victims who transferred high-dollar amounts or sensitive records in the course of business.

“The devastating impacts these cases have on victims and victim companies affect not only the individual business but also the global economy. Since the Internet Crime Complaint Center (IC3) began formally keeping track of BEC and its variant, e-mail account compromise (EAC), there has been a loss of over $3.7 billion reported to the IC3,” said the FBI in a press release.

According to the FBI, a Business Email Compromise (BEC) attack is a scam that involves hackers targeting unsuspecting victims with access to company finances and trick them using social engineering and phishing tactics. This way, fraudsters are able to convince targeted users into making wire transfers to bank accounts thought to belong to trusted partners.

“Foreign citizens perpetrate many of these schemes, which originated in Nigeria but have spread throughout the world. The role of money mules, witting or unwitting, in BEC schemes is very important—they are used to receive the stolen money and then transfer the funds as directed by the fraudsters. The mules usually keep a fraction of the money for their trouble,” the agency added.

Major rise in BEC attacks

The fact that Business Email Compromise attacks are now among the most favourite weapons for cyber criminals has been known to the FBI and other investigative agencies since long. Last year, the FBI announced that between October 2013 and December 2016, as many as 40,203 BEC attacks were reported to IC3 and resulted in $5.3 billion in losses.

“The BEC/EAC scam continues to grow, evolve, and target small, medium, and large businesses. Between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses3. The scam has been reported in all 50 states and in 131 countries. Victim complaints filed with the IC3 and financial sources indicate fraudulent transfers have been sent to 103 countries.

“Based on the financial data, Asian banks located in China and Hong Kong remain the primary destinations of fraudulent funds; however, financial institutions in the United Kingdom have also been identified as prominent destinations,” it added.

The rise in the number of BEC attacks also coincided with an overall reduction in the number of ransomware attacks across the globe. According to the FBI’s yearly Internet Crime report, even though businesses and organisations in the United States reported 2,453 complaints regarding ransomware infections in 2015 and 2,673 in 2016, the number of such complaints reduced drastically to a mere 1,783 in 2017.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]