The Financial Crimes Enforcement Network (“FinCEN”) issued an advisory and trend analysis alerting financial institutions to a recent surge in business email compromise (“BEC”) incidents, as reported in suspicious activity reports. According to FinCEN, these reported attacks climbed from 500 per month in 2016 to over 1,100 per month in 2018, with attempted BEC thefts increasing from $110 million per month in 2016 to $301 million monthly in 2018.
According to the advisory and analysis, a BEC scam typically involves a cyber criminal emailing false invoices or payment instructions to an individual or business while impersonating a supervisor, vendor or other legitimate third party. Once payment is made, the proceeds are fraudulently directed to a criminal-controlled account. Sometimes the emails originate from hacked accounts, while at other times, they are made to appear as communications from trusted sources. Victims can include businesses, government agencies, universities and non-profits, often those that make frequent wire transfers. Most BEC incidents reportedly involve transfers to domestic accounts in the United States, likely controlled by “money mules.”
Continue reading at: Mondaq.com