



Sherry Williams, executive director of One Treasure Island, poses for a photo at her office in San Francisco on Tuesday, April 5, 2022. Business email scams are a type of crime in which a criminal hacks an email account, impersonates someone else, and tricks the victim into sending money where it doesn’t belong. In the case of Williams, the director of a San Francisco nonprofit, the thief hacked the email account of the nonprofit’s bookkeeper, inserted himself into a long email thread, and asked for a change to the grant recipient’s wire instructions, and $650,000 was paid out. Credit: AP Photo/Eric Risberg

It’s a crime that sucks billions of dollars from the economy, but many have never heard of it.

Business email compromise (BEC) fraud involves a criminal hacking an email account, impersonating someone else, and tricking the victim into sending money where it doesn’t belong.

Although it receives less attention than the massive ransomware attacks that have triggered a strong government response, BEC fraud has been the most costly type of cybercrime in the United States for years, according to the FBI.

The enormous rewards and low risk associated with BEC scams are attracting criminals around the world. Some show off their ill-gotten wealth on social media, posing in pictures next to Ferraris, Bentleys and piles of cash.

Almost every organization, from Fortune 500 companies to small towns, is vulnerable to BEC scams. Even the U.S. State Department has been fooled into sending BEC scammers more than $200,000 in grants aimed at helping Tunisian farmers, court records show.

“Scammers are very well organized, and law enforcement agencies are not,” said Sherry Williams, director of a San Francisco nonprofit organization that was recently the victim of BEC fraud.

According to a new FBI report, BEC fraud cost about $2.4 billion in the United States in 2021. This is a 33% increase from 2020 and more than 10 times as much as just seven years ago.

And experts say that many victims never come forward, so the FBI’s figures show only a small fraction of the amount stolen each year.

BEC scammers use a variety of techniques to hack legitimate business email accounts and trick employees into sending wire transfers or making purchases they shouldn’t. Targeted phishing emails are a common type of attack, but experts say scammers are quick to adopt new technologies, such as artificial intelligence-generated “deepfake” audio that impersonates company executives and is designed to trick subordinates into sending money.

In the case of Williams, the director of the San Francisco nonprofit, the thief hacked the email account of the nonprofit’s bookkeeper, inserted himself into a long email thread, and asked for a change to the grant recipient’s wire instructions, and $650,000 was paid out.

After she discovered what had happened, Williams said, her call to law enforcement went nowhere.

The FBI told her that the local U.S. attorney’s office would not take her case. She flew to Odessa, Texas, where the bank that first received her stolen money was located. By that time, the money was gone and the local detectives had no power to help. Williams turned to a U.S. senator for help, and she later learned that the Secret Service was investigating, but she said it hasn’t given her any updates.

Crane Hassold, a BEC fraud expert and former FBI cyber analyst, has heard of federal prosecutors refusing to take BEC cases unless millions of dollars have been stolen.

“Many of them may not be able to handle everything,” said Hassold, now director of threat intelligence at Abnormal Security.

The Justice Department has launched enforcement actions in recent months, with hundreds of arrests worldwide.

“Our message to criminals involved in these types of BEC schemes remains clear. The FBI’s memory and reach are long and widespread. Wherever you are, we constantly track you,” said Bryan Turner, executive assistant director of the FBI’s criminal, cyber, response, and services branch.

However, security experts say the wave of arrests has had little impact, and the FBI’s own figures show that BEC scams continue to grow rapidly.

Sophisticated BEC scams targeting businesses and other organizations began in the mid-2010s. It was also around that time that ransomware attacks, in which criminals hack into networks and encrypt data, began to increase in frequency and severity.

For years, both BEC fraud and ransomware attacks were treated primarily as law enforcement issues. That is still the case for BEC attacks, but ransomware is now an important national security concern after a series of devastating attacks on critical infrastructure, like the one last year against the largest U.S. fuel pipeline, which led to gas shortages along the East Coast.

National Security Agency hackers are taking steps to disrupt the networks of ransomware operators. The Justice Department has set up a special ransomware task force to better organize law enforcement responses. And U.S. President Joe Biden raised the problem directly with Russian President Vladimir Putin, whose country is home to many ransomware operators.

Despite the huge financial losses, nothing close to these efforts has been deployed against BEC scams.

If the United States begins a government-wide response to BEC fraud, it will almost certainly focus on Nigeria. Nowhere are BEC scammers as active as in Africa’s most populous country, where scammers have operated largely unchecked for decades.

Ramon Abbas, a well-known Nigerian social media influencer known as Hushpuppi, had more than 2 million followers on Instagram before being arrested in Dubai. Abbas’s social media posts showed him living a life of complete luxury, with private jets, super-expensive cars, luxury clothing and watches.

“I hope one day more young people will be encouraged to join this path,” read an Instagram post by Abbas, who pleaded guilty last year in the United States to international money laundering related to BEC and other cybercrime. His sentencing is currently set for July.

