Two defense contractors and a university lost approximately $170,000 from business email compromise (BEC) scams last year, according to an FBI advisory obtained by CyberScoop. The scammers impersonated employees at the organizations by spoofing email addresses, and then used fraudulent lines of credit to rack up expensive purchases.
In one instance, a scammer impersonated a university employee and ordered 150 electronic measurement instruments from a US defense contractor, stealing a total of $80,000. Two similar incidents resulted in defense contractors losing $90,000. Alexander Heid, chief security officer at SecurityScorecard, told CyberScoop that business email compromise scams are growing increasingly popular due to the high payoff for attackers.
“Business impersonation fraud is trending because it works,” said Heid. “With 1,000 target enterprises, if only 1 percent fall for the scam, that is still ten places wiring over large sums of money – and that adds up very fast. The incentive is there, the technology is there, the risk is low compared to traditional forms of crime, and now we are seeing the aftermath in the form of victim stories and law enforcement warnings after years of observed activity.”
The FBI said these scams could have been prevented if the suppliers had taken steps to confirm that the purchases were legitimate. In many cases, simply calling the other party over the phone can expose a fraudulent email exchange. New-school security awareness training can teach your employees to be suspicious of all transaction requests until they’re absolutely certain of their legitimacy.
CyberScoop has the story: https://www.cyberscoop.com/email-scammers-stole-150k-defense-contractors-university-fbi-says/