Deceptive accounts: Email fraud is the most costly type of cybercrime

RICHMOND, Virginia (AP) – It’s a crime that drains countless billions from the economy – but many people have never heard of it.

Business email compromise (BEC) scams involve criminals hacking into email accounts, pretending to be someone they aren’t, and tricking victims into sending money where it doesn’t belong.

Although they get far less attention than the massive ransomware attacks that have led to a robust government response, BEC scams have been by far the most costly type of cybercrime in the United States for years, according to the FBI.

The huge rewards and low risk associated with BEC scams have attracted criminals all over the world. Some flaunt their illicit fortunes on social media, posing in pictures next to Ferrari and Bentley cars and piles of cash.

Almost every organization is vulnerable to BEC scams, from Fortune 500 companies to small towns. Court records show that even the US State Department was duped into sending BEC fraudsters more than $200,000 in grant money intended to help Tunisian farmers.

“Scammers are very well regulated and law enforcement is not,” said Sherry Williams, director of a San Francisco nonprofit that recently fell victim to a BEC scam.

Losses in the United States due to BEC fraud in 2021 amounted to nearly $2.4 billion, according to a new report from the FBI. This is a 33% increase from 2020 and more than ten times what it was just seven years ago.

Experts say many victims never filed complaints, and FBI numbers only show a small fraction of the amount of money stolen each year.

BEC scammers use a variety of tactics to hack legitimate business email accounts and trick employees into sending wire payments or making purchases they shouldn’t. Targeted phishing messages are a common type of attack, but experts say scammers have been quick to adopt new techniques, such as “deep fake” voices generated by artificial intelligence to pretend to be company executives and trick subordinates into sending money.

In the case of Williams, the director of a San Francisco nonprofit, the thieves hacked into the email account of the nonprofit’s bookkeeper, inserted themselves into a long email chain, sent letters asking to change the grant recipient’s bank payment instructions, and stole $650,000.

After finding out what had happened, Williams said, her calls to law enforcement went nowhere.

The FBI told her that the US Attorney’s office would not take up her case. She traveled to Odessa, Texas, where the bank that initially received the stolen money was located. By that time, the money was long gone and the local detective was powerless to help. Williams sought help from US senators, and later learned that the Secret Service was investigating, but said it had not given her any updates.

BEC scam expert and former FBI cyber analyst Karen Hasold has heard of federal prosecutors refusing to take BEC cases unless several million dollars were stolen, a threshold that speaks volumes about how out of control the problem is.

“There are so many of them that they can’t work with all of them,” said Hasold, now director of threat intelligence at Abnormal Security.

The Department of Justice has launched months-long operations in recent years that have resulted in hundreds of arrests worldwide.

Brian Turner, executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch.

But security experts say the wave of arrests has had little effect, and FBI figures themselves show that BEC fraud continues to grow at a rapid pace.

Sophisticated BEC scams targeting businesses and other organizations began to emerge in the mid-2010s. That was also around the time when ransomware attacks – where hackers broke into networks and encrypted data – began to increase in frequency and severity.

For years, both BEC scams and ransomware attacks have largely been treated as a law enforcement problem. That still holds true for BEC attacks, but ransomware is now a major national security concern after a series of disruptive attacks on critical infrastructure, like the one last year against the largest fuel pipeline in the United States, which led to gas shortages along the East Coast.

NSA hackers have taken measures to disrupt the networks of ransomware operators. The Department of Justice has created a ransomware task force to better organize the law enforcement response. US President Joe Biden has pressed the issue directly with Russian President Vladimir Putin, in whose country several ransomware operators are located.

Nothing close to these efforts has been used against BEC fraud despite the huge financial losses.

If the US were to launch a full-fledged government response to BEC fraud, it would almost certainly focus heavily on Nigeria. Nowhere are BEC scammers more active than in Africa’s most populous country, where scammers have been able to operate almost unchecked for decades.

Ramon Abbas, a well-known Nigerian social media influencer who went by Hushpuppi, had over two million followers on Instagram before his arrest in Dubai. Abbas’s posts on social media showed him living a life of complete luxury, with private planes, expensive cars, luxury clothes and watches.

“I hope one day to inspire more young people to join me on this path,” read an Instagram post by Abbas, who pleaded guilty in the United States to BEC-related international money laundering and other cybercrime last year. He is currently scheduled to be sentenced in July.
