Morioh
Login
Destiny Volkman

Destiny Volkman

3 years ago

A study of more than 9,000 instances of business email compromise (BEC) attacks all over the world shows that the number has skyrocketed over the past year, and that the social-engineering scam has expanded well beyond its historic roots in Nigeria.

The report from Agari’s Cyber Intelligence Division (ACID), entitled The Global Reach of Business Email Compromise, found that these attacks cost businesses a staggering $26 billion every year. And that trend appears to be accelerating. In fact, researchers found BEC attacks currently make up a full 40 percent of cybercrime losses globally, impacting at least 177 countries.

For context, the Anti-Phishing Working Group recently found that the average wire transfer in a BEC scam is around $80,000.

Beyond Nigeria

In a BEC attack, a scammer impersonates a company executive or other trusted party, and tries to trick an employee responsible for payments or other financial transactions into wiring money to a bogus account. Attackers usually conduct a fair amount of recon work, studying executive styles and uncovering the organization’s vendors, billing system practices and other information to help mount a convincing attack.

It started as an evolution from the old-school lures used by Nigerian cybergangs to trick people into giving them money: Fake princes, the promise of finding true love or even work-from-home gigs that sound too good to be true.

“Most of the seasoned actors have some nexus to Nigeria,” the report said. “It is here, after all, where BEC first gained global notoriety back in 2015, when email-fraud rings first began defrauding organizations by impersonating their CEOs and CFOs in email scams targeting employees.”

The rising payoff for these crimes has led to a period of innovation, according to the report, which identified a new “flavor” of attack, called vendor email compromise, which Agari credits to the criminal organization Silent Starling, located in West Africa.

In a VEC attack, crooks will first compromise accounts belonging to employees of suppliers, then target the vendors’ customers by purporting to be the owner of the compromised account and asking clients to transfer money to the “supplier” – which is actually a mule account.

Meanwhile, these types of attacks have evolved to become more potent and more difficult to stop, largely because these operations have proliferated worldwide, beyond their Nigerian roots.

#most recent threatlists #web security #2020 losses #acid #agari #average wire transfer #bec #bec attacks #business email compromise #cybercriminals #global attacks #money mules #nigera #scam #social engineering

BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B

threatpost.com

BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B

BEC fraudsters now have bases of operation across at least 39 counties and are responsible for $26 billion in losses annually — and growing.

1.30 GEEK