FBI Offers Tips for Handling Scams and Compromised E-mail Accounts
The Federal Bureau of Investigation (FBI) periodically releases public service announcements pertaining to a variety of subjects, from notices about fugitives to information about traffickers’ methods to warnings of new and/or evolving cybercrime schemes. An alert released in May 2017, titled “Business E-mail Compromise, E-mail Account Compromise, the 5 Billion Dollar Scam”, takes a look at this strain of cybercrime, offering detailed information in the following areas:
Definitions – Business E-mail Compromise (BEC) is “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” E-mail Account Compromise (EAC) is a component of BEC and targets individuals performing wire transfer payments. The scam occurs when a victim’s legitimate business e-mail account is compromised via social engineering or computer intrusion techniques and is subsequently used to conduct unauthorized transfers of funds.
Background – Businesses ranging from small to large are targets for BEC/EAC scams. Scammers target a variety of types of businesses as well, and it is largely unknown how victims are selected. In some cases, victims reported falling victim to Scareware or Ransomware attacks prior to the BEC incident.
Statistical Data – BEC/EAC scams are continually evolving and growing, and finding ways to target more and more varieties of businesses.
- The time period from January 2015 to December 2016 showed a 2,370% increase in identified exposed losses.
- Asian banks located in China and Hong Kong are the primary destination of fraudulent funds.
- Financial institutions in the United Kingdom are also prominent destinations.
Scenarios of BEC/EAC – The article offers five hypothetical scenarios, based on real-world scam complaints, to illustrate the ways in which this type of scam can be perpetrated.
Trends – W-2/PII data theft, the original BEC/EAC scheme targeting businesses working with dedicated international suppliers, and BEC/EAC scams targeting real estate transactions all showed an increase in incidence throughout 2016.
Suggestions for Protection – According to the article, “businesses with an increased awareness and understanding of the BEC/EAC scam are more likely to recognize when they have been targeted…and are therefore more likely to avoid falling victim.” The following are some of the techniques suggested:
- Deploy robust internal prevention techniques at all levels
- Hold customer requests for international wire transfers for an additional verification period
- Avoid free web-based e-mail accounts
- Be careful what you post to social media and company websites
- Be suspicious of requests for secrecy or pressure to take quick action
- Consider additional IT and financial security procedures
- Report and delete spam email—never open spam email, click on links within it, or download attachments from it
What to Do if You Are a Victim – It is important to take swift and decisive action in response to falling victim to this type of scam. The FBI PSA presents the following steps:
- Contact your financial institution immediately.
- Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent.
- Contact your local FBI office.
- File a complaint with ic3.gov (bec.ic3.gov for BEC/EAC victims).
For greater detail, read the article in full at the FBI’s Internet Crime Complaint Center (IC3).