A business email compromise (BEC) attack is a type of cybercrime that uses email fraud to target specific organizations such as commercial, government, and non-profit organizations.
For example, spear phishing spoofing attacks aimed at collecting data for billing fraud or other criminal activities.
Consumer privacy violations are often the result of this business email fraud attack
A typical attack involves sending fake emails posing as a senior colleague (e.g. CEO) or a trusted customer to target employees in specific roles within the organization.
This email often instructs the victim to authorize payments or release customer data, and often uses social engineering to trick the victim into sending money to the attacker’s bank account.
The economic impact is significant, with the US Federal Bureau of Investigation estimated to have recorded $26 billion in losses in the US and abroad from BEC attacks between June 2017 and July 2019.
An example of damage
Dublin Zoo: lost €130,000 in 2017 – a total of €500,000 was defrauded, most of which was recovered.
FACC AG, an Austrian aerospace company: defrauded of €42 million ($47 million = $4.7 billion) in an attack in February 2016, after which both the CFO and CEO were fired
New Zealand’s Te Wananga o Aotearoa: defrauded of NZ$120,000
New Zealand Fire Service: defrauded of $52,000 in 2015
Ubiquiti Networks: defrauded of $46.7 million in 2015
Save the Children USA: $1 million in cybercrime in 2017
Australian Competition and Consumer Commission: approximately A$2.8 million in damage in the year 2018
How to commit business email fraud
Targeting Executive Assistants
During the workday, you receive an email that appears to be from your boss, asking you to purchase a gift card as an incentive for your team’s hard work during the pandemic.
You decide to use your department’s funds to buy a gift card, and you reply to the email of what you think is your boss with the code for the gift card.
Then I checked in the chat to see if he had received it and the boss had not requested a gift card
Comments