The wiles and ways of scammers to part businesses from their money continue to proliferate, and continue to use technology as a springboard to trick executives.
As researchers at Agari reported, business email compromise (BEC) attacks have been going mobile. As reported in Credit Union Times, the attacks are still done through email, but also look for mobile number details to “better coerce” intended victims to funnel funds to bad actors’ accounts. As noted in a blog by Agari’s James Linton: “This foundational conduit between attacker and victim has also now become the focus of evolution, with actors increasingly looking to transfer potential victims from email over to SMS.”
Transferring the communication to mobile devices creates more means for bad guys to get the money, such as instant messaging, text and cameras. The victim, or would-be victim, is put on the spot, so to speak, and must figure out whether he or she trusts the communication and requests for funds. As noted in other BEC scams, often the criminal impersonates an executive with the company.
As Linton wrote of the shift to mobile, “whether this approach is more realistic than a purely email-based exchange is, to a large extent, dependent on whether a mobile device is used in everyday communication within a targeted organization and would be quickly demonstrated by how the victim reacts to the initial request,” and the move to cell-based communication minimizes the risk of detection. It also opens the door to more cross-border scams, as it only costs a little bit of money to set up a temporary U.S. phone number. The Agari research found that the BEC scams play out similarly to gift card scams.
Separately, in reference to general fraud trends, Trend Micro reported that Singapore was the most “vulnerable” country in Southeast Asia last year, where there were more than three million malicious URLs affecting 15 million victims.
“Attacks that capitalize on the human desire to respond to urgent requests from authority are on the rise,” reported Security Asia. The number of BEC attacks, said Trend Micro, was up by 28 percent globally. The research showed that each BEC scam yields, on average, $177,000 in Singapore dollars. Singapore is the nation most beset by BEC attacks at more than 27 percent, followed by Malaysia at 26 percent.
In a statement, Trend Micro’s Nilesh Jain, vice president for Southeast Asia and India, said, “Changes across the threat landscape in 2018 reflect a change in the mindset of cybercriminals. Previously, attackers relied on 'spray and pray' style attacks. Today, they can be more effective with targeted phishing emails to infect victims who click the links or open the attachments. Enterprises need to strengthen their cyber defenses at every touchpoint, namely, on the endpoint, in the cloud and at the network layer.”
In terms of individual instances of fraud, The Guardian reported this past week that “the black hole” in the accounts of Patisserie Valerie have roughly doubled, as noted by forensic accountants. Reports came Friday (March 15) that the company’s cash accounts had been overstated by about 94 million pounds, according to KPMG's findings, while debts had been understated by 17 million pounds. The company was placed into receivership earlier this year amid findings of “potentially fraudulent” accounting irregularities (a criminal investigation has been opened). As The Guardian reported, it is unknown how much creditors may recoup from the dismantling of the several companies owned by the parent entity.