The FBI’s Public Service Warning of Business Email Compromise
The US FBI is warning of business email compromise (BEC) attacks designed to steal physical goods. While BEC attacks are typically associated with stealing money, criminals can use the same social engineering tactics to hijack deliveries of valuable materials. The FBI says fraudsters are particularly interested in stealing construction materials, agricultural supplies, computer technology hardware and solar energy products.
“Criminal actors impersonate the email domains of legitimate U.S.-based companies using spoofed email domain addresses and the display names of current or former company employees, as well as fictitious names to initiate the bulk purchase of goods from vendors across the US,” the Bureau says. “As a result, email messages sent to vendors appear to come from known sources of business. Thus, victimized vendors assume they are conducting legitimate business transactions fulfilling the purchase orders for distribution.”
The criminals also take measures to prevent victims from discovering the theft until multiple orders have already been completed.
“To further delay the discovery of the fraud, criminal actors apply and are often granted credit repayment terms known as Net-30 and Net-60 terms, providing fake credit references and fraudulent W-9 forms to vendors,” the alert says. “The repayment terms allow criminal actors to initiate additional purchase orders without providing upfront payment. Victimized vendors ultimately discover the fraud after attempts to collect payment are unsuccessful or after contacting the company they believed had initially placed the purchase order, only to be notified that the source of the emails was fraudulent.”
The FBI offers the following recommendations to help thwart these attacks.
- “Directly calling a business’s main phone line to confirm the identity and employment status of the email originator, rather than calling numbers provided via email contact
- “Ensuring the email domain address is associated with the business it claims to be from
- “Do not click on any links provided in emails, instead, type in the URL/domain of the source directly”
New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for targeted social engineering attacks.
The FBI has the story.
Get Your CEO Fraud Prevention Manual
CEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:
https://info.knowbe4.com/ceo-fraud-prevention-manual-partner?partnerid=001a000001lWEoJAAW