
    Ex-Bank of America Employee Charged with Business Email Compromise Money Laundering


    A three-person team – including a personal banker at Bank of America – has been indicted for reportedly being behind a BEC scam that took 5 companies for over $1.1 Million.

    We often hear of (and tell) stories of scams, but rarely hear about what happened after the money’s been stolen. In this case, according to a U.S. Department of Justice press release, we get a small glimpse into what transpires with the funds post-attack.

    According to the DoJ, three men were behind a Business Email Compromise (BEC) scam that began with targeted phishing attacks designed to steal online credentials. Once a set of credentials was obtained, a material amount of time – in some cases, months – was spent intercepting email communications so that the team could learn about the internal billing systems, the types of communications between key players, and who were the vendors, clients, and people responsible for transactions. The team would send an email to a vendor impersonating an employee (by using a typo-squatting lookalike domain), requesting payment for an actual transaction, providing full details of the transaction for credibility purposes, but diverting payment to their own account.

    One of the three, an ex-Bank of America personal banker, was responsible for setting up the bank accounts – in many cases under the names of the victim companies – to ensure payments would be accepted by the bank.

    It’s important to remember that scams like this nearly always start with a phish. As long as a user falls for the phishing attack, the game is on and your organization is now at risk of either attack or fraud. Users that undergo Security Awareness Training – particularly those who have responsibility over the organization’s finances – are better prepared to spot scams designed to steal credentials, thwarting BEC scams like this one before they ever get started.


    Request A Demo: Security Awareness Training


    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal: continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW
