BEC scams (business email compromise) are big business for cybercriminals. According to the Financial Crimes Enforcement Network (FinCEN), these scams generate around $301 million every month, or $3.6 billion a year.
The aim of a BEC scam is to trick an employee into carrying out a fraudulent bank transfer. To do this, cyberattackers send an email impersonating someone high up in the company, asking for a sum of money to be transfered to a bank account belonging to the cybercriminal.
Operation reWired: 281 BEC scammers arrested
At the start of September, a joint operation between international law enforcement agencies led to the arrest of 281 people charged with carrying out BEC scams all over the world, and the seizure of almost $3.7 million.
Operation reWired was a coordinated effort between the US Department of Justice (DoJ), Department of Homeland Security, US Treasury, the Postal Inspection Service and the Department of State, as well as law enforcement agencies in nine other countries.
Most arrests occurred in Nigeria, where 167 people were arrested. 74 people were arrested in the USA, 18 in Turkey, 15 in Ghana, and others in France, Italy, Japan, Kenya, Malaysia and the UK. Those arrested are accused of scamming both companies and individuals.
Operation reWired began in May, when the first arrests were made. Money mule warning letters were also sent, and asset seizures and repatriations were made.
Among the cases listed by the Department of Justice are those of Kenneth Ninalowo, who is accused of laundering over $1.5 million stolen in BEC scams. Among his victims were a community college and an energy company, which were tricked into sending $5 million to a fraudulent bank account.
Also arrested were two Nigerian nationals accused of stealing $3.5 million from a healthcare organization in Georgia, Atlanta; and four US citizens accused of carrying out a $10 million BEC scam that affected hundreds of people in the United States.
The huge impact of BEC scams
These days, many companies take out cyberinsurance to cover the costs of possible cyberattacks, such as ransomware or this type of scam. According to the insurance company AIG, BEC scams are now the main reason companies file cyberinsurance claims. In fact, last year, 23% of these claims were related to BEC scams.
This sharp increase indicates how prevalent this trend is; in 2017, just 11% of cyberinsurance claims were BEC-related.
Don’t let BEC scams bring your company to a halt
Even though Operation reWired has stopped nearly 300 scammers, BEC scams are far from over. In fact, around 400 companies are targeted by this kind of scam every day. This is why organizations of all kinds must protect themselves.
The first line of defense is prevention and awareness. Employees are the weakest link in the cybersecurity chain, and so are often, unwittingly, the entry vector for an attack on the company. Employees must be trained in cybersecurity, especially in subjects such as the use of robust passwords to avoid password spraying attacks; and the dangers of recycling passwords, something that facilitates credential stuffing.
It is also important to highlight the dangers of opening attachments from unknown senders. BEC scams often start with malware, normally spyware, which is used to steal credentials that can then be used to spread believable content in these scams.
This is why it is vital to have security measures to stop cyberthreats from wreaking havoc in employees’ inboxes. Panda Email Protection proactively provides multilayer protection against all kinds of malware and spam for your company’s email in real time, thanks to online scans that are carried out in the Panda Security servers. This advanced scanning technology is carried out from the cloud, simplifying security management, since it can be used from anywhere, at any time, simply by accessing the web console. It also has integrated Cyren technology, with antispam, , pattern-based virus detection and reputation lists, which allow it to provide maximum protection.
As we’ve seen, these scams move a staggering amount of money. Avoid serious economic losses for your company by implementing robust protection that constantly monitors all the activity on your IT system.