Business email compromise

From HandWiki

Business email compromise (BEC) attacks are a form of cybercrime that uses email fraud against commercial, government and non-profit organizations to achieve a specific outcome that harms the target organization. Examples include invoice scams and spear-phishing spoof attacks designed to gather data for other criminal activities. Consumer privacy breaches often occur as a result of a business email compromise attack. Typically, an attack targets specific employee roles within an organization by sending a spoof email (or series of spoof emails) that fraudulently represents a senior colleague (CEO or similar) or a trusted customer.[1] The email issues instructions, such as approving payments or releasing client data. The emails often use social engineering to trick the victim into transferring money to the fraudster's bank account.[2]
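The pattern described above (a message that claims to come from a senior colleague and asks for a payment) can be screened for from message headers. The following Python heuristic is an added example, not part of the original article; the organization domain, executive name, keyword list and sample messages are constructed assumptions, and the Reply-To and DMARC checks go beyond what the article itself describes.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this example; none come from the article.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PAYMENT_TERMS = ("wire transfer", "invoice", "bank details", "payment")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the BEC warning signs found in one single-part RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # An executive's display name on an address outside the organization.
    if name.strip().lower() in EXECUTIVES and domain_of(from_addr) != ORG_DOMAIN:
        findings.append("executive-name-external-sender")
    # Replies routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")
    # Exact-domain spoofing shows up as a DMARC failure recorded by the receiver.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("dmarc-fail")
    # Payment instructions in the subject or body.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    if any(term in text for term in PAYMENT_TERMS):
        findings.append("payment-request-language")
    return findings

# Constructed sample messages (not real traffic).
LOOKALIKE = """\
From: "Jane Doe" <jane.doe@examp1e.test>
Reply-To: accounts@payments-desk.test
Subject: Urgent invoice

Please approve the wire transfer today.
"""
EXACT_SPOOF = """\
From: "Jane Doe" <jane.doe@example.com>
Authentication-Results: mx.example.com; dmarc=fail header.from=example.com
Subject: Updated bank details

Send this month's payment to the new account.
"""

if __name__ == "__main__":
    print(bec_indicators(LOOKALIKE), bec_indicators(EXACT_SPOOF))
```

Indicators like these are best used to hold a message for out-of-band verification of the payment request rather than to block it outright, since legitimate mail can trip any single check.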

The worldwide financial impact is large. The United States Federal Bureau of Investigation recorded $26 billion of US and international losses associated with BEC attacks between June 2016 and July 2019.[3]

Incidents

  • Dublin Zoo lost €130,000 in such a scam in 2017; a total of €500,000 was taken, though most was recovered.[4]
  • The Austrian aerospace firm FACC AG was defrauded of 42 million euros ($47 million) through an attack in February 2016, and subsequently fired both the CFO and CEO.[5]
  • Te Wananga o Aotearoa in New Zealand was defrauded of $120,000 (NZD).[6]
  • The New Zealand Fire Service was scammed out of $52,000 in 2015.[7]
  • Ubiquiti Networks lost $46.7 million through such a scam in 2015.[8]
  • Save the Children USA was the victim of a $1 million cyberscam in 2017.[9]
  • Australian organisations that reported business email compromise attacks to the Australian Competition and Consumer Commission suffered approximately $2,800,000 (AUD) in financial losses for the 2018 year.[10]
  • In 2013, Evaldas Rimasauskas and his employees sent thousands of fraudulent emails to get access to companies' email systems.[11]

References

  1. Joan Goodchild (20 June 2018). "How to Recognize a Business Email Compromise Attack". https://securityintelligence.com/how-to-recognize-a-business-email-compromise-attack/. 
  2. "Tips to Avoid Phishing Attacks and Social Engineering" (in en). https://www.bankinfosecurity.com/tips-to-avoid-phishing-attacks-social-engineering-a-488. 
  3. "Business Email Compromise Is Extremely Costly And Increasingly Preventable". Forbes Media. 15 April 2020. https://www.forbes.com/sites/forbestechcouncil/2020/04/15/business-email-compromise-is-extremely-costly-and-increasingly-preventable/?sh=74b6086c5d36. 
  4. https://www.irishexaminer.com/ireland/dublin-zoo-lost-500k-after-falling-victim-to-cyber-scam-464818.html
  5. "Austria's FACC, hit by cyber fraud, fires CEO". Reuters. 26 May 2016. https://www.reuters.com/article/us-facc-ceo-idUSKCN0YG0ZF. 
  6. "Te Wananga o Aotearoa caught up in $120k financial scam". NZ Herald. https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11563918. 
  7. "Fire Service scammed out of $52,000". RNZ News. 23 December 2015. https://www.radionz.co.nz/news/national/292881/fire-service-scammed-out-of-$52,000. 
  8. Hackett, Robert (August 10, 2015). "Fraudsters duped this company into handing over $40 million". Fortune magazine. http://fortune.com/2015/08/10/ubiquiti-networks-email-scam-40-million/. 
  9. Wallack, Todd (13 December 2018). "Hackers fooled Save the Children into sending $1 million to a phony account". The Boston Globe. https://www.bostonglobe.com/business/2018/12/12/hackers-fooled-save-children-into-sending-million-phony-account/KPnRi8xIbPGuhGZaFmlhRP/story.html. 
  10. Powell, Dominic (27 November 2018). "Business loses $300,000 to 'spoofed' email scam: How to protect yourself from being impersonated". Smart Company. https://www.smartcompany.com.au/technology/business-email-compromise-scam/. 
  11. "Sentence in BEC Scheme" (in en-us). https://www.fbi.gov/news/stories/ringleader-of-business-email-compromise-scheme-sentenced-012820.