Study: BEC Attacks On Financial Service Firms Up 60 Pct

Proofpoint finds in a new study that BEC scams have financial service firms in the crosshairs, with attacks on that sector up 60 percent at the end of last year. Separately, Nissan’s Ghosn allegedly charged millions in questionable expenses to his former firm, while NASA pins two failed space missions on faulty supplier parts — and falsified reports.

The waves of business email compromise (BEC) scams continue, with certain verticals seemingly marked by fraudsters.

As readers of this space are no doubt aware, BEC scams involve fraudsters assuming the identities of legitimate vendors or employees to entice unwitting victims into authorizing funds to be sent to illicit accounts — then, the bad guys disappear with the money. In some cases, the fraudsters impersonate people working within the same firm, with directives to wire funds to “new” accounts that are ostensibly tied to legitimate business practices.

A recent survey by Proofpoint found that, amid the billions of dollars in fraud that occur worldwide each year from BEC efforts, attacks on the financial services industry have been increasing. Proofpoint examined attacks on companies in this vertical, across 100 firms, between 2017 and 2018. The data showed that these firms were targeted 60 percent more frequently in the fourth quarter of 2018 than in 2017.

“Within targeted financial services organizations, 56 percent saw more than five employees targeted by impostor attacks in Q4 2018,” Proofpoint noted. “Just 17 percent of targeted financial services organizations had only one person targeted in the same quarter.”

Domain spoofing was also markedly higher. In the latest quarter, as many as 69 percent of firms were targeted by at least one attack that “spoofed” their own firm domain.

Overall, according to Proofpoint, 39 percent of emails sent from financial service domains in the last quarter of 2018 “appeared suspicious” or were categorized as “unverified.” The study found that the percentage was even higher for emails sent to the organizations’ employees, where the tally was 68 percent.

“About 36 percent of email[s] sent to customers from financial services-owned domains [were] unverified. The same was true of 19 percent of email[s] sent to business partners,” said the company.

Separately, Celadon Group, a freight trucking firm, said it will pay more than $42 million to settle fraud claims that were tied to allegations of false financial statements. As reported in The Wall Street Journal (WSJ), the company admitted to inflating values that were tied to more than 1,000 trucks in its fleet, through “false transactions” with a third party. As a result, earnings were inflated as well. The company will pay restitution to its shareholders, and will implement stricter internal controls.

In the continuing saga of former Nissan and Renault Chairman Carlos Ghosn, reports came this week that he had incurred millions of dollars in “questionable expenses,” which, per WSJ, included Cartier watches and a trip to Brazil’s Carnival festival. The findings come amid an audit performed for Ghosn’s former companies, which found what may be viewed as personal expenses of as much as $12.2 million incurred between 2009 and 2018.

“The findings present fresh peril for Mr. Ghosn. … He faces criminal charges in Japan related to alleged financial misconduct,” reported the WSJ. Ghosn has, for his part, disputed that any personal expenses were charged to the firms.

In an illustration of how fraudulent activity can hit government agencies, ScienceAlert reported that a supplier had been sending faulty aluminum parts to NASA, and falsifying reports for decades. The supplier, Sapa Profiles, had altered test results and certifications, as its parts were used in rockets. The faulty parts helped cause two missions to fail, and the company has been ordered to pay $46 million to NASA and scores of other companies it defrauded, reported the site.