Business email compromise (BEC) is a global problem responsible for $26 billion in losses since June 2016, and the latest Agari research shows that the distribution of threat actors is much more diffuse, now covering more than 50 countries.
Because only high-profile BEC attacks ever reach the news, it’s easy to imagine that this type of fraud involves millions of dollars and that it only happens at very high levels. But the opposite is true, with BEC accounting for 40 percent of all cybercrime losses, and, in most cases, criminals only look to steal amounts small enough that they don’t raise immediate red flags.
In the past, Nigeria was the hub for most of these scams, but, just like the victims, the attackers are now highly multinational. Now, BEC attacks stem from more than 50 countries, with a quarter of all attackers residing in the United States, including California, Georgia, Florida, Texas, and New York.
Of course, these types of operations wouldn’t be possible without “mules,” people who willingly or unwittingly help the scammers retrieve the money.
“Over the course of 15 months, we collected 2,900 mule accounts in 39 countries, through which scammers intended to receive more than $64 million in stolen funds from BEC victims,” found the Agari research. “While 80% of these mule accounts were located in the United States, the requested payment amounts destined for those accounts were significantly lower than other countries.”
The average payment to US-based mule accounts was $39,500, but the payment made to accounts based in Hong-Kong was, on average, $257,300, which is significantly more.
Not surprisingly, the COVID-19 pandemic helped attackers find more victims to help them. Many people lost their jobs and turned to freelance, working from home. In many situations, they were helping BEC scammers move money around.
“After a victim accepts the ‘job,’ they are put to work doing a variety of different tasks, which could include receiving and reshipping goods, receiving ‘payments’ from clients, or printing and sending checks,” states the research. “Of course these tasks are all part of fraudulent schemes the victim is unknowingly a part of.”
It’s becoming evident that BEC attacks are spreading across the world, affecting more businesses than ever. Now, with a foothold in so many countries, criminals have a much easier time finding mules and new targets.
tags
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.
View all postsDon’t miss out on exclusive content and exciting announcements!