Special offer
Home > Blogs > Robert Siciliano > Identity Theft Expert Speaker
bookmark_border

Inside the Business E-mail Compromise Scam

By
Services for Real Estate Pros with IDTheftSecurity.com Inc

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

That’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Show All Comments
Wayne Martin
Wayne M Martin - Chicago, IL
Real Estate Broker - Retired

Good morning Robert. Getting harder and harder for the ranks and file guy to protect themselves. Sad state of affairs. Enjoy your day!

Dec 01, 2016 05:52 AM
Gabe Sanders
Real Estate of Florida specializing in Martin County Residential Homes, Condos and Land Sales - Stuart, FL
Stuart Florida Real Estate

Thanks Robert.  This has become a big problem in wire transfers for closing agents.

Dec 02, 2016 05:18 AM
Kathy Streib
Cypress, TX
Home Stager/Redesign

Robert- and they keep on finding ways to take money that they didn't legally earn. 

Dec 03, 2016 01:11 PM
Gary L. Waters Broker Associate, Bucci Realty
Bucci Realty, Inc. - Melbourne, FL
Eighteen Years Experience in Brevard County

Great reminder here. Be leery of all unknown senders and don't click on anything suspicious.

Dec 12, 2016 04:13 AM
Back to Top

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?