
Money Stolen via BEC Scams Funneled to Banks in China and Hong Kong

The Continuous Growth of BEC Scams Demonstrated in the Latest FBI Report

BEC (Business Email Compromise) scams have grown at a staggering rate of 2,370 percent in the last couple of years, as reported by the FBI.

The latest FBI statistics reveal that “most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment”. The stats are based on data from 50 states in the U.S. and from 131 other countries. Most of the stolen money has been funneled to banks in China and Hong Kong.

BEC scams are no longer only about scamming executives into transferring money into mule accounts. BEC scams now involve requests of personal information and tax forms such as W-2s for employees.

In the United States alone, between June and December 2016, the FBI registered complaints amounting to $346 million in losses from 3,044 incidents. Losses outside the U.S. are even higher: $448 million in the same time frame.

The victims of the BEC/EAC scam range from small businesses to large corporations. The victims continue to deal in a wide variety of goods and services, indicating that no specific sector is targeted more than another. It is largely unknown how victims are selected; however, the subjects monitor and study their selected victims using social engineering techniques prior to initiating the BEC scam.


BEC Scam Prevention

In general, security solutions search for malicious documents or known blacklisted URLs to determine whether an email is suspicious. BEC scam emails, however, often lack any signs that would give away malicious intentions. BEC scams mostly rely on social engineering and exploit employees’ weaknesses, and are highly targeted. However, the fact that BEC and phishing share some similarities gives users (and employees) the chance to monitor for particular signs in the contents of such emails, as pointed out by Proofpoint researchers:

  • High-level executives asking for unusual information;
  • Requests to not communicate with others;
  • Requests that bypass normal channels;
  • Language issues and unusual date formats;
  • “Reply To” addresses that do not match sender addresses.

Also, besides educating their employees (CEOs included!), companies should look into email protection services and apps.
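
The last sign in the list above, a “Reply To” address that does not match the sender address, can be checked mechanically from the message headers. The Python sketch below is an added example, not code from the FBI report or from Proofpoint; the sample messages, the domains and the "review"/"suspicious" labels are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def _addresses(msg, header):
    """Lower-cased addresses from every occurrence of a header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.lower() for _name, addr in pairs if "@" in addr}


def reply_to_findings(raw_message):
    """Compare Reply-To with From; return (severity, detail) tuples."""
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    sender_domains = {a.rsplit("@", 1)[1] for a in senders}
    findings = []
    for addr in sorted(_addresses(msg, "Reply-To")):
        if addr in senders:
            continue  # replies go back to the visible sender
        domain = addr.rsplit("@", 1)[1]
        if domain in sender_domains:
            # Same organisation, different mailbox: worth a look, often benign.
            findings.append(("review", f"Reply-To {addr} differs from From"))
        else:
            # Replies would leave the sender's domain entirely.
            findings.append(("suspicious", f"Reply-To {addr} is outside "
                             f"From domain(s) {sorted(sender_domains)}"))
    return findings


# Constructed sample messages; all names and domains are placeholders.
SPOOFED = """\
From: "Jane Roe, CEO" <jane.roe@example.com>
Reply-To: "Jane Roe" <jane.roe@example-mail.test>
To: accounts@example.com
Subject: Urgent wire transfer

Please keep this between us until the deal closes.
"""

BENIGN = """\
From: Billing <billing@example.com>
Reply-To: BILLING@example.com
To: accounts@example.com
Subject: Invoice 1001

See attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(label, reply_to_findings(raw) or "no Reply-To mismatch")
```

A mismatch is a signal to verify the request through another channel, not proof of fraud: mailing lists and ticketing systems legitimately set a different Reply-To.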

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
