Jump to content
  • FBI: Business email compromise tactics used to defraud U.S. vendors

    alf9872000

    • 393 views
    • 2 minutes
     Share


    • 393 views
    • 2 minutes

    The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors.

     

    Typical business email compromise (BEC) attacks focus on stealing money by tricking the victim into diverting funds to the fraudster’s account.

     

    In 2021, the losses associated with BEC schemes reached almost $2.4 billion in the U.S. alone. The figure is based only on the complaints received by the FBI that year, close to 20,000.

     

    In the type of fraud that the FBI observed the threat actor is employing false acquisition schemes to obtain various products from vendors across the country.

    Skilled fraudsters

    In an alert on Friday, the FBI notes that criminal actors are impersonating the email domains of U.S.-based companies to initiate bulk purchases.

     

    The fraudsters are diligent enough to use spoofed emails with names of real employees, current or former, of the businesses they impersonate.

     

    “Thus, victimized vendors assume they are conducting legitimate business transactions fulfilling the purchase orders for distribution,” the agency explains.

     

    According to the FBI, among the commercially available goods targeted in this type of fraud are construction materials, agricultural supplies, computer technology hardware, and solar energy products.

     

    While the technical skills required to spoof an email address are very low, it appears that the actors are skilled fraudsters knowledgeable in business payments and how to hide the cheating.

     

    The FBI says that the criminal actors would also delay the discovery of the swindle by applying for credit (Net-30 and Net-60 terms) from the seller based on fake references and counterfeit W-9 forms that include income information.

     

    After being granted a 30 or 60-day credit repayment term, the fraudsters can start additional purchase orders without having to pay in advance.

     

    The FBI recommends vendors check the source of an email before agreeing to a transaction. They can pull the buyer’s contact information from a reliable source (e.g. company’s website, social media, or online databases) and call them directly to inquire about the purchase intent.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...