FBI: BEC Scams Stole $1.2B In 2018

BEC scams are proving lucrative, according to recent FBI reports, which found that the bad guys’ haul doubled in 2018 over 2017. Separately, in Ireland, students accused by authorities over payments fraud have allegedly been learning a lot more than reading, writing and arithmetic.

Business email compromise (BEC) scams are gaining traction, and bilking unwitting individuals and companies out of an increasing amount of money. Recently announced statistics from the Federal Bureau of Investigation (FBI) bear out this trend.

As reported in Threatpost, losses from such schemes nearly doubled from $675 million in 2017 to as much as $1.2 billion in 2018. The numbers come from the FBI’s annual Internet Crime Report, which detailed that the use of social engineering, emails and other methods to get victims to wire money to fraudsters was a lucrative business.

Drilling down a bit, the FBI found increased incidences of gift card-related scams, and said, “The victims received a spoofed email, a spoofed phone call or a spoofed text from a person in authority, requesting the victim purchase multiple gift cards for either personal or business reasons.”

According to Threatpost, Ronnie Tokazowski, senior threat researcher at Agari, said, “For trends that we’re seeing, actors have been asking for gift cards instead of wire fraud, but still engage with wire fraud as well. For gift cards, once they have the pictures of the cards from the victims, they sell the cards on gift card exchanges where they can sell the cards to bitcoin. Actors usually get around 70 percent of the face value of the card in bitcoin.”

In other FBI-related anecdotes around BEC fraud, the bureau noted that scams also came from fraudsters who pretended to be real estate brokers. The FBI warned against groups, such as London Blue and Scarlet Widow, continuing to ply their trades, even as the agency arrested 74 individuals in June of last year and managed to recover millions of dollars stolen through BEC activities.

Payroll diversion has become a significant form of payments fraud as well — in this case, the bad actors snare login credentials from employees, and change direct deposit information. The FBI received 100 complaints about this type of fraud, which garnered $100 million in stolen funds.

In Ireland

Separately, in Ireland, the Independent reported that “hundreds of students are staring at the prospect of jail time” in the wake allowing fraudsters to use their financial accounts as mules.

As alleged by authorities tied to the anti-fraud garda, the accounts were used to launder hundreds of millions of euros through banks based in Ireland. The students were complicit in the fraud, and reportedly accepted cash for their accounts to be used for the money laundering.

In Kentucky

A bit closer to home, in Lexington, KY, Scott County Public School officials said this past week that the district had fallen prey to a $3.7 million cyber scam that is now being investigated by the FBI. The Lexington Herald-Leader said that BEC scams struck home after a would-be vendor pretended it had not received payment for an invoice.

That email led to the creation of an automated payment account, and funds were transferred. No other financial data or student-related data had been compromised, according to the report.