Over the last six months, in an FBI sweep nicknamed Operation Wire Wire, the federal law enforcement officials have made 74 arrests, including 42 within the United States, 29 in Nigeria, and three in Canada, Mauritius, and Poland. According to the FBI website on Monday (June 11), the efforts involved the Department of Justice, Homeland Security, and Treasury, as well as the Postal Inspection Service. It's all part of an international BEC takedown involving multiple countries.

Business E-mail Compromise (BEC)

In the sophisticated e-mail scams, scammers pretend to be a legitimate vendor for the companies with invoices for their finance departments.

Business E-mail Compromise (BEC) schemes target only employees with access to the company’s finances, but that is not all. This type of scam has become a significant threat to US businesses and individuals. The FBI has found that the criminal organizations behind the BEC are also targeting individual victims, often done through impersonation of a key employee or business partners, and sometimes even through romance and lottery scams.

Involved actors

According to the FBI, the losses due to BEC scams have more than doubled in 2018, with $685 million reported by 4,081 victims to the FBI’s internet crime complaint center in the first quarter. "The FBI 2017 Internet Crime Report" compared this to the recorded losses of $275 million in 2015 and $675 million in 2017.

FBI assistant director Scott Smith said the fraudsters are doing their homework. Smith told the Wall Street Journal that they would go into company websites looking for “the right people.”

Scammers even go as far as pulling annual reports in an effort to find out what companies they do business with before spoofing those accounts by impersonating firms in e-mails sent to their targets.

Some even fake a CEO’s e-mail account and use that e-mail to request for payments from the company’s finance officers. Recent prosecutions have revealed the role of money mules, accomplices whose main responsibility was to withdraw funds from bank accounts that received the illicit transfer in order to move them somewhere else.

BEC targets

Over the years, we have seen many large companies defrauded in similar kinds of BEC scams. FACC AG, an aerospace and defense company that sells Airbus and Boeing equipment, was a target of a “fake president” fraud. The company lost $54 million in 2016 to hackers impersonating the CEO who ordered for the money to be wired to an account controlled by the cybercriminals. In 2017, an Atlanta based security service provider identified a group of Nigerian threat actors, the Gold Galleon, who used fake payment requests to steal close to $4 million from multiple companies. In many of these scams, the organization is expected to take action based on a request from someone senior in the company or a “supplier.”