BEC Scammers Embrace Coronavirus Opportunity

BEC Scammers Embrace Coronavirus Opportunity

Fraud was all over the headlines this past week, with top stories related to Travelex’s ransomware payment, Luckin Coffee’s internal accounting fraud investigation, and new research anticipating an ongoing surge in payments fraud.

B2B payments are far from immune to fraud, and in this week’s B2B Data Digest, the business email compromise (BEC) scam reigns. The European Union’s law enforcement agency Europol recently issued a warning of how cybercriminals and other fraudsters are adjusting their strategies to take advantage of the current climate uncertainty stemming from the coronavirus.

“The number of cyberattacks against organizations and individuals is significant and is expected to increase,” Europol’s announcement stated. Indeed, only days later, Europol announced an arrest into one BEC scam involving the procurement of personal protective equipment (PPE).

New analysis from the Association for Financial Processionals issued a separate warning about the ongoing prevalence of BEC scams.

“Payments fraud and business email compromise, in particular, have been thorns in financial professionals’ sides for years, but this recent surge is especially concerning,” said Jim Kaitz, president and CEO of AFP, in a statement. “Organizations can better contain BEC scams by educating and training their employees, as well as adopting processes to validate payment requests internally.”

Below, PYMNTS looks at the data behind the latest B2B payments frauds, including BEC scams and beyond.

81 percent of firms were targets of payments fraud last year, according to recent data from the Association for Financial Professionals. Its survey, underwritten by JPMorgan, found that the BEC scam was the most popular attack, with 75 percent of all companies surveyed saying they were impacted by it in some way in 2019. Though the figure is high, it’s a decrease from 80 percent in 2018, the AFP noted. ACH credit fraud now accounts for more than one-fifth of payments fraud attacks targeting companies, while one-third is made up of ACH debit fraud.

$1.65 million was allegedly stolen by two Australians via BEC scam, Australian police say, according to reports in InfoSecurity. The individuals are accused of generating fraudulent invoices sent to businesses in an effort to divert company funds away from legitimate suppliers and into their personal bank accounts. The scams reportedly ran between 2018 and 2020, with targeted businesses operating across a range of industries, law enforcement said.

$3.22 million was defrauded from Hong Kong banks in an SMB lending scam, per reports in The Standard, with an executive of a small business admitting to her role in District Court earlier this month. Reports said the fraud involved defrauding five banks of 33 loans, and fraudulently acted as a guarantor for loans and trade facilities.

$7.25 million was stolen by a French pharmaceutical company via BEC scam, Europol announced last week, but a 39-year-old individual has been arrested in Singapore on suspicion of carrying out the cyberattack. Europol released additional distressing details about the scam, in which the attacker allegedly posed as a legitimate supplier of FFP2 surgical masks and hand sanitizer, which never arrived after the French pharmaceutical company paid for them.