FBI: Business email compromise tactics used to defraud U.S. vendors

FBI: Business email compromise tactics used to defraud U.S. vendors

The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors.

Typical business email compromise (BEC) attacks focus on stealing money by tricking the victim into diverting funds to the fraudster’s account.

In 2021, the losses associated with BEC schemes reached almost $2.4 billion in the U.S. alone. The figure is based only on the complaints received by the FBI that year, close to 20,000.

In the type of fraud that the FBI observed the threat actor is employing false acquisition schemes to obtain various products from vendors across the country.

Skilled fraudsters

In an alert on Friday, the FBI notes that criminal actors are impersonating the email domains of U.S.-based companies to initiate bulk purchases.

The fraudsters are diligent enough to use spoofed emails with names of real employees, current or former, of the businesses they impersonate.

“Thus, victimized vendors assume they are conducting legitimate business transactions fulfilling the purchase orders for distribution,” the agency explains.

According to the FBI, among the commercially available goods targeted in this type of fraud are construction materials, agricultural supplies, computer technology hardware, and solar energy products.

While the technical skills required to spoof an email address are very low, it appears that the actors are skilled fraudsters knowledgeable in business payments and how to hide the cheating.

The FBI says that the criminal actors would also delay the discovery of the swindle by applying for credit (Net-30 and Net-60 terms) from the seller based on fake references and counterfeit W-9 forms that include income information.

After being granted a 30 or 60-day credit repayment term, the fraudsters can start additional purchase orders without having to pay in advance.

The FBI recommends vendors check the source of an email before agreeing to a transaction. They can pull the buyer’s contact information from a reliable source (e.g. company’s website, social media, or online databases) and call them directly to inquire about the purchase intent.


Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn