Inside the Business E-mail Compromise Scam

By
Services for Real Estate Pros with IDTheftSecurity.com Inc
https://activerain.com/droplet/4XNz

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

That’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

close

Re-Blogged 1 time:

Re-Blogged By Re-Blogged At
  1. Gabe Sanders 12/11/2016 11:20 PM
Topic:
ActiveRain Community
Tags:
email
email security
email and web security

Post a Comment
Spam prevention
Spam prevention
Show All Comments
Rainmaker
2,685,020
Wayne Martin
Wayne M Martin - Chicago, IL
Real Estate Broker

Good morning Robert. Getting harder and harder for the ranks and file guy to protect themselves. Sad state of affairs. Enjoy your day!

Dec 01, 2016 05:52 AM #1
Rainmaker
4,308,247
Gabe Sanders
Real Estate of Florida specializing in Martin County Residential Homes, Condos and Land Sales - Stuart, FL
Stuart Florida Real Estate

Thanks Robert.  This has become a big problem in wire transfers for closing agents.

Dec 02, 2016 05:18 AM #2
Ambassador
3,337,795
Kathy Streib
Room Service Home Staging - Delray Beach, FL
Home Stager - Palm Beach County,FL -561-914-6224

Robert- and they keep on finding ways to take money that they didn't legally earn. 

Dec 03, 2016 01:11 PM #3
Rainmaker
1,459,067
Gary L. Waters, Broker Owner, Waters Realty of Brevard, LLC
Waters Realty of Brevard, LLC - Rockledge, FL
... a small office, delivering big service!

Great reminder here. Be leery of all unknown senders and don't click on anything suspicious.

Dec 12, 2016 04:13 AM #4
Post a Comment
Spam prevention
Show All Comments

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?

Rainmaker
752,090

Robert Siciliano

Realty Security and Identity Theft Expert Speaker
Ping me to book a program for your group
*
*
*
*
Spam prevention