Fraudsters Try New Spins On The BEC Scam

The Business Email Compromise (BEC) scam continues to evolve. Fraudsters are adding new twists to what has become an increasingly common scam targeting businesses’ B2B payments activity.

New analysis from Bank Info Security, for instance, revealed that BEC scammers have begun to target corporates’ financial documents from accounts receivable departments to identify unpaid invoices, as well as information regarding Days Sales Outstanding and clients. The publication, citing Agari research, warned that the tactic makes BEC scammers’ messages all the more convincing.

Separate analysis from Singapore warned that monetary losses associated with BEC scams that specifically instruct targeted employees to send gift card redemption details are on the rise, too.

BEC is not the only cyberattack causing corporate losses, however, as ransomware threats continue to ramp up as well.

Below, PYMNTS explores the numbers behind the latest cases of B2B payments fraud — from attacks targeting government entities to banks’ struggle in managing the fraud threat from real-time payments.

Seventy-eight percent of Asia-Pacific (APAC) banks have said that their fraud losses have risen as a result of real-time payments, new data from FICO recently revealed. Researchers warned that the rise of faster payments — which gives banks a much shorter window in which to identify and mediate fraud — is placing new pressure on financial institutions to embrace more identity authentication technologies. Eighty percent of banks in the APAC region expect fraud losses to increase in 2020, though, despite their widespread use of multi-factor authentication, biometrics and passwords.

In Q4 2019, 104 percent more ransomware payouts were made than in Q3, with the average payment during Q4 hitting $84,116, according to Coveware’s Q4 Ransomware Marketplace Report. Analysts warned that some variants of ransomware began to target larger enterprises (thus, the larger payouts), with demands hitting a new high of $780,000, according to InfoSecurity Magazine. Other attacks hit small businesses with demands as low as $1,500, researchers found.

Since last January, $987,000 has been lost to BEC scams demanding payment in the form of gift cards, new research out of Singapore has warned. According to law enforcement in the country, BEC scammers are increasingly targeting businesses with fraudulent requests for funds loaded onto iTunes or Google Play cards, claiming the cards are for work-related expenses or client gifts. Targets are instructed to submit the cards’ redemption codes over email.

The losses for one Texas school district totaled $2.3 million, thanks to a phishing scam. According to Forbes, the Manor Independent School District revealed a BEC scam involving three transactions made to fraudsters over the course of a month. Reports said that attackers took advantage of the holiday season, when administrators and employees often face a heavier workload and can, therefore, be too distracted to catch a potential fraud threat.

The estimated cost for New Orleans to restore City Hall operations totaled $7.2 million, following a December 2019 cyberattack that has stalled government payments to suppliers. While government employees have been able to access systems, and the supplier billing portal is functional, reports noted that a backlog of supplier invoices will mean ongoing payment delays. The city was hit with the ransomware attack on Dec. 13, which led to a forensic investigation and the scrubbing of more than 3,400 government computers.