Published: April 3, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
The City of Ocala, FL was scammed by a business email compromise (BEC) attack that hit the city with a price tag of $742,000. BEC fraud continues to be on the rise, with the FBI reporting the cost of these attacks nearly doubled since last year. In its annual Internet Crime Report, the FBI reported BEC victim losses have been doubling year-after-year, with the latest price tag totaling $1.2 billion. The residents of sunny Ocala won’t likely dispute the cold, hard fact that BEC attacks are getting more effective, more powerful and more pervasive than ever.
It may be difficult to believe that just one phishing email can open a world of hurt, but that’s exactly what happened in Ocala. It started when a senior accounting staff member received an email appearing to be from a trusted vendor. The email instructed the employee to send payments to a different bank account and not the usual one, something that should have been flagged as suspicious. Instead, the payment went to a fraudster’s bank account and not to the intended vendor. The email message came from “ausleyconstructions.com,” a tricky URL spelling of the legitimate business that shouldn’t have an “s” at the end of “construction.” Attackers love using small details that are easily missed and it’s just one of many tactics that are a cybercriminal’s calling card.
If you are responsible for performing wire transfers for your organization, be sure that money is going to the right place. If you are ever asked to send money to a new or different account, pick up the phone and call the vendor to confirm it. Don’t ever reply to email messages like this, as they will just go right back to the criminal. Have checks and balances in place for payments, especially for large amounts and don’t take an email request for account changes as real.
The popularity of impersonating vendors is currently trending with BEC fraud. A recent statistic from the Financial Crimes Enforcement Network shows that illegal transfers from BEC attacks cost over $300 million per month. Reports of BEC scams are growing, including a price tag of $29 billion for a fraudulent fund transfer targeting media giant Nikkei. The city of Naples, FL was scammed into transferring $700,000 to a fraudster, as well as a member of Toyota Group reporting they too were hit by a BEC attack costing over $37 million. All that’s needed for a successful BEC attack is one phishing email that’s opened, trusted and acted upon. It’s like money in the bank.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com