Hi guys,
I hope this message finds you well. It’s my intention to keep you informed of the latest scams circulating globally. As we receive them, we’ll send them to you. Also, please report any scams to me so I can inform the community about them.
While Incognito is primarily geared towards protecting individuals, this message is for small, medium, and large business owners. BEC scams are purely social engineering attacks and they are incredibly effective. Here’s an overview to help you understand and protect yourself against these schemes.
Overview of BEC Scams
Business Email Compromise (BEC) scams involve attackers impersonating executives, vendors, or other trusted entities to trick employees into transferring funds or divulging sensitive information. These scams can be challenging to detect because they do not typically involve malware or malicious links. Instead, they rely on social engineering tactics to deceive their victims.
Recent Examples of Business Email Compromise (BEC) Schemes
- Real Estate Firm Loses €38 Million: A real estate developer in Paris was targeted by an international BEC gang, losing €38 million. The scammers impersonated a lawyer from a well-known accounting firm, gaining the CFO’s trust and persuading them to make large, urgent transfers.
- Eagle Mountain City Scammed for $1.13 Million: In Utah, BEC scammers inserted themselves into an email thread between city officials and a construction vendor. They impersonated the vendor and convinced a staff member to transfer funds to them.
- Grand Rapids Public Schools Defrauded for $2.8 Million: A California couple accessed the email account of a school district’s benefits manager. They requested a change in wiring information for insurance payments, resulting in two large payments sent to the scammers’ bank account.
- Children’s Healthcare of Atlanta Loses $3.6 Million: Scammers impersonated the CFO of a construction company working with the healthcare provider. They sent a fake letter requesting payment to a different account, successfully defrauding the organization.
- Contact Defrauded of Over €100,000: A fraudster gained access to one of my contacts’ email accounts and monitored his email communications for several months undetected. The target had a weak password: his child’s name and date of birth. The fraudster saw an email about a €100,000 investment into the target’s business and, just before the transfer, provided his bank information instead. The money was transferred to the scammer’s account and was never recovered. This incident highlights the importance of having a strong password and enabling two-factor authentication.
How Authorities Are Cracking Down on BEC Scammers
Authorities around the world are increasingly cracking down on BEC scammers. A recent example involves a Nigerian man facing prison in the U.S. after being convicted of BEC fraud. He was part of a criminal network that sent phishing emails to companies, leading to the theft of millions of dollars. This conviction shows that international cooperation and rigorous investigation can lead to significant legal consequences for cybercriminals.
How to Protect Yourself
- Verify the Sender: Always verify the sender’s email address and be cautious of any unexpected or urgent requests for money or sensitive information.
- Implement Multi-Factor Authentication (MFA): Use MFA for email accounts to add an extra layer of security.
- Educate Employees: Conduct regular training sessions to make employees aware of BEC scams and how to identify suspicious emails.
- Establish Protocols: Set up protocols for verifying significant transactions, such as confirming with a phone call to a known number.
- Use Secure Email Solutions: Utilize secure email platforms that offer advanced phishing protection and suspicious forwarding detection.
- Ask Me!! I am at your service 🙂
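For the technically minded, here is what "Verify the Sender" can look like as an automated check. This is an added example, not part of the original message: a short Python script that reads an email's headers and flags a From domain that imitates a known contact, or a Reply-To that diverts replies elsewhere. The domain list, the 0.85 similarity threshold and the sample email are all constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of contacts you already pay or deal with (constructed).
KNOWN_DOMAINS = {"acme-construction.example", "cityhall.example"}

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing/malformed."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def lookalike_of(domain, known=KNOWN_DOMAINS, threshold=0.85):
    """Known domain this one closely resembles without matching it.
    The threshold is an assumed starting point, not a tuned value."""
    if not domain or domain in known:
        return None
    for good in sorted(known):
        if difflib.SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def sender_warnings(raw_email, known=KNOWN_DOMAINS):
    """Return human-readable warnings about who really sent a message."""
    msg = message_from_string(raw_email)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    warnings = []
    if not from_dom:
        warnings.append("no usable From address")
    elif from_dom not in known:
        near = lookalike_of(from_dom, known)
        warnings.append(f"From domain {from_dom} imitates {near}" if near
                        else f"From domain {from_dom} is not a known contact")
    # Replies silently diverted to another domain deserve a second look.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To goes to {reply_dom}, not {from_dom}")
    return warnings

# Constructed sample: display name looks right, domain has a zero for an "o".
SAMPLE = (
    'From: "Acme Construction Accounts" <accounts@acme-constructi0n.example>\n'
    "Reply-To: payments@mailbox.example\n"
    "\n"
    "Please use the new account for this week's payment.\n"
)

if __name__ == "__main__":
    print("\n".join(sender_warnings(SAMPLE)))
```

A check like this only catches impersonation from a different address. When the real mailbox has been taken over, as in the Grand Rapids case above, the headers look normal, which is why the phone call to a known number still matters.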
If you have any questions, comments, or need any advice, please feel free to contact me through the Incognito app. Always stop, take a breath, and if you’re unsure, ask me.
Sending you all the best,
Stephen McCormack ❤️