16 Apr 2020

PPE, COVID-19 Medical Supplies Targeted by BEC Scams

The FBI has confirmed that agencies aiming to but items like ventilators have unknowingly been conned into a BEC scam in which they transfer funds to threat actors rather than legitimate organizations. There has been a shortage of personal protective equipment (PPE) in American hospitals across the country, and the

Read More
07 Apr 2020

FBI warns again of BEC scammers exploiting cloud email services

The FBI issued a warning to the public yesterday, stating that its Internet Crime Complaint Center (IC3) has received numerous reports of cybercriminals abusing could based email services in Business Email Compromise (BEC) attacks. This marks the second time within the past month that the FBI has warned of BEC

Read More
16 Mar 2020

Big BEC Bust Brings Down Dozens

Federal officials have arrested two dozen individuals as part of a business email compromise scheme that has cost victims $30 million in total. The individuals were arrested on charges related to fraud and money laundering schemes. Most of the individuals reside in Atlanta, Georgia, and are alleged to have committed

Read More
04 Nov 2019

Nikkei Hit in $29m BEC Scam

Japanese Media firm Nikkei, which owns the Financial Times, was scammed out of $29 million dollars in September of this year because a staff member of its US subsidiary fell for what seems to have been a textbook Business Email Compromise (BEC) attack, the company admitted. In a statement, Nikkei

Read More
09 Oct 2019

Only 1 in 5 enterprises have DMARC records set up with an enforcement policy

A new Valimail report shows that while companies are increasingly adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol for email authentication, which is designed to prevent email spoofing attacks, the vast majority have not configured it properly. In fact, only 17% of email domains using DMARC have an enforcement

Read More
03 Oct 2019

New Silent Starling Attack Group Puts Spin on BEC

Security researchers with Agari warn that scammers are targeting companies with a new technique, which is a variation of business email compromise (BEC). The new attack, dubbed “vendor email compromise,” has been used by the Silent Starling group that is operating from West Africa. The scammers have so far taken

Read More
17 Sep 2019

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks increased in the first half of this year, with many campaigns spoofing webmail and software-as-a-service (SaaS) providers, a recent APWG report[pdf] shows. The number of detected phishing campaigns surged from 138,328 in Q4 of 2018 to 180,768 in Q1 of 2019 and then grew further to 182,465 in

Read More
11 Sep 2019

281 suspects arrested in massive crackdown against BEC scammers

An international law enforcement operation code-named Operation reWired has resulted in the arrests of 281 people suspected of carrying out business email compromise (BEC) scams. 167 arrests occurred in Nigeria and 74 in the United States. Authorities also seized close to $3.7 million as part of the collaborative effort involving

Read More
11 Sep 2019

FBI: BEC now a $26 billion fraud, as HR payroll diversion attacks linked to same scammers

Business email compromise (BEC) scams have resulted in over $26 billion in global ‘exposed dollar losses’ over the past three years, the The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) estimates. The figure includes actual costs from successful scam campaigns and hypothetical costs from failed attacks. For

Read More
03 Sep 2019

BEC overtakes ransomware and data breaches in cyber-insurance claims

Business email compromise (BEC) has become the most common reason for organizations to file cyber-insurance claims, a new AiG study[pdf] covering the EMEA (Europe, the Middle East, and Asia) region shows. Last year, 23% of all cyber-insurance claims were related to BEC. Ransomware accounted for 18% of claims, followed by data

Read More