Business Email Compromise (BEC) scams have surfaced among several US companies and have caused them damage costing along the lines of Billions, mentions a warning of the Federal Bureau of Investigation.
Per sources, BECs are “sophisticated scams” aiming at businesses involving electronic payments encompassing “wire transfers or automated clearing house transfers”. Usually, these scams include a cyber-con penetrating a legitimate business email account via device intrusion procedures.
Once the access has been acquired, the cyber-con is free to deceitfully dive into the email account to obtain funds by sending emails to suppliers, loaded with invoices of modified bank account details.
The hit list mostly consists of organizations that employ cloud-based email services, which makes it easier to go for Business Email Compromise (BEC) scams.
Per FBI, specially engineered “phish kits” with the ability to impersonate the cloud-based email services are used to prompt these scams only to exploit the business accounts and request or mi-sallocate funds.
Sources mention that the Internet Crime Complaint Center (IC3) received numerous complaints over the past years about companies having experienced damages amounting to a couple of Billions in “actual losses” as a result of the BEC scams.
The IC3 focused their attention on the BEC scams right after their number began to multiply rapidly across all the states of America.
The issue allegedly stands in the configuration of the cloud-based services which makes it almost effortless for cyber-criminals to exploit the company’s email accounts.
Obviously most cloud-based services are laden with security measures that intend to block all the BEC attempts. But that depends on the ability of the users to make good use of them. The maximum of these features needs to be enabled and manually configured.
Per sources, what makes these scams dangerous is that any organization, big or small, with kerbed IT resources is vulnerable.
The cyber-cons in addition to having control over the email accounts, usually also retrieve the address books of the exploited accounts to have a list of potential targets. Hence, a single bad apple could affect the entire basket, meaning a single affected organization could have ramifications for the entire business industry.