Corporate phishing scam in Britain: 3 firms suffers 1.3 Million USD

May 1, 2020
bec business email compromise phishing scam antiphishing bec domain monitoring

On the 3rd of April, business equity firms have been tricked for a wire transfer amounting to $1.3 million. The fraudulent act was accounted to ‘The Florentine Banker,’ a well-known hacker group that has been onto this type of phishing scam for several years now.

Using BEC (business email compromise) technique, they were able to infiltrate the Cybercrime Solutions posed on the system of the affected firms and swiftly performed that malicious attack. These types of phishing scam attacks are also noticeable in other profiteering sectors located in the US, Canada, Switzerland, Italy, Germany, and India, among others. The last known attack before this report was in China that lost $1 million of investment.

In the report, the hackers tricked high executive individuals of the firm into investing in a start-up business in Israel. The mode of communication was done through compromised email. Then the email posed was sent by the bank and the firm with the fraudster as the middleman – unknowingly to the mentioned entity. An In-depth investigation confirmed that the hacker would infiltrate first corporate email accounts of the targeted executive and run through keywords to search for business ventures. Once able to take a hit on a possible transaction, the hacker will send an email to the executive using an almost legit email domain from the bank. The email may fall on other folders on the email app that is unusually used by any person giving it a high noticeable rate to the victim. Once hooked and a response was received by the fraudster from the victim, they will edit the email and send it to the bank using again an email domain that is unnoticeably compromised that is coming from the domain of the victim. With this scenario, the victim and the bank will get the feeling of having a legit transaction, not knowingly the email is being manipulated by the fraudster.

After the communication and trust have been set up – through victim – fraudster – bank, the fraudster will now give a bank account to the victim to deposits the investment. The money deposited will now be moved to different accounts to be untraceable. Almost $700,000 has been lost in this attack while the rest have been recovered after due diligence has been placed.

Hence, the fraud protection group heeds to many individuals to be more vigilant in doing transactions involving a large amount of money. Phone communication or even having a 2-step verification is a must to add security onto your every transaction. Be it known that such incidents have been alarming to many businesses as reported by the FBI. In their report, incidents related to BEC Domain Monitoring was numbered to 23,775 complaints with losses of $1.7 billion in 2019. With more business that is investing in Cloud Computing System, the estimated damage was $2.1 billion between 2014 and 2019, in the US alone.

About the author

Leave a Reply