Business email compromise (BEC) fraud is one of the most common forms of cybercrime, and new BEC gangs are emerging around the world to trick companies into handing over money, according to a new study.
Some of these scams have in the past been carried out from Nigeria, which accounts for about half of all BEC scams, according to analysis by security researchers at Agari. However, a quarter of BEC phishing scams come from the USA.
Overall, Agari identified BEC attacks from 50 countries around the world and identified South Africa and the United Kingdom as areas with a high level of BEC activity.
The study also identifies Eastern Europe and Russia as a region with a growing number of BEC fraudsters. While these areas have traditionally hosted groups behind trojan malware and ransomware, the emergence of BEC teams there suggests that the cyber threat landscape could change as corporate phishing scams become more profitable.
Nearly half of all BEC fraudsters in the United States are based in five states: California, Georgia, Florida, Texas and New York, although the researchers identified data on people who carry out BEC attacks in 45 states in total.
The goal of a BEC attack is to trick an employee of an organization into transferring a large amount of corporate funds to a fraudulent bank account. The average loss is $80,000, but some attacks can cost millions.
Often, these phishing attacks take the form of a "phoney email" sent in the name of a real executive, asking the victim to transfer money urgently to secure a business agreement or contract. In some cases, BEC scammers are known to compromise the legitimate email accounts of employees the victim knows and use the established level of trust to help push the transfer through.
By the time anyone realizes that the transfer was fraudulent, it is already too late, as the money is in the hands of the attackers. The FBI reports that almost half of the reported financial losses from cybercrime in 2019 were due to BEC scams.
Another element of these campaigns also has a significant footprint in the US. Researchers collected information on 2,900 money mule accounts, run by people whose job it is to move stolen money, and found that 80% of them were also based in the US. This is mainly because US operations have historically been the primary target of BEC attacks and most of these attacks require victims to send money to accounts in the same country, Hassold said.
However, while "money mules" help the criminal activity, in many cases those involved do not know they are doing it, having been tricked into providing aid through social engineering or through "romance scams".