It is still largely unknown how victims are selected; however, the subjects
monitor and study their selected victims prior to initiating the BEC scam. The
subjects are able to accurately identify the individuals and protocol necessary
to perform wire transfers within a specific business environment. Victims may
also first receive “phishing” e-mails requesting additional details of the
business or individual being targeted (name, travel dates, etc). Some victims
reported being a victim of various Scareware or Ransomware cyber intrusions,
immediately preceding a BEC scam request.
VERSIONS OF THE BEC SCAM
Based on IC3 complaints and other complaint data received since 2009, there
are three main versions of this scam:
Version 1
A business, which often has a long standing relationship with a supplier, is
asked to wire funds for invoice payment to an alternate, fraudulent account.
The request may be made via telephone, facsimile or e-mail. If an e-mail is
received, the subject will spoof the e-mail request so it appears very similar to
a legitimate account and would take very close scrutiny to determine it was
fraudulent. Likewise, if a facsimile or telephone call is received, it will closely
mimic a legitimate request. This particular version has also been referred to as
“The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification
Scheme.”
Version 2
The e-mail accounts of high-level business executives (CFO, CTO, etc) are
compromised. The account may be spoofed or hacked. A request for a wire
transfer from the compromised account is made to a second employee within
the company who is normally responsible for processing these requests. In
some instances a request for a wire transfer from the compromised account is
sent directly to the financial institution with instructions to urgently send funds
to bank “X” for reason “Y.” This particular version has also been referred to as
“CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial
Industry Wire Frauds.”
Version 3
An employee of a business has his/her personal e-mail hacked. Requests for
invoice payments to fraudster-controlled bank accounts are sent from this
employee’s personal e-mail to multiple vendors identified from this employee’s
contact list. The business may not become aware of the fraudulent requests
until they are contacted by their vendors to follow up on the status of their
invoice payment.
CHARACTERISTICS OF BEC COMPLAINTS
The IC3 has noted the following characteristics of BEC complaints:
Businesses and personnel using open source e-mail are most targeted.
Individuals responsible for handling wire transfers within a specific
business are targeted.
Spoofed e-mails very closely mimic a legitimate e-mail request.
Hacked e-mails often occur with a personal e-mail account.
Fraudulent e-mail requests for a wire transfer are well-worded, specific
to the business being victimized, and do not raise suspicions to the
legitimacy of the request.
The phrases “code to admin expenses” or “urgent wire transfer” were
reported by victims in some of the fraudulent e-mail requests.
The amount of the fraudulent wire transfer request is business specific;
therefore, dollar amounts requested are similar to normal business
transaction amounts so as to not raise doubt.
Fraudulent e-mails received have coincided with business travel dates
for executives whose e-mails were spoofed.
Victims report that IP addresses frequently trace back to free domain
registrars.
SUGGESTIONS FOR PROTECTION
The IC3 suggests the following measures to help protect you and your