A business doesn’t have to wire money to a fraudster’s account to be a victim of a Business Email Compromise (BEC) attack, as hackers are using known tactics to steal goods and commodities, too, a new FBI alert has warned.
The US law enforcement agency released a public service announcement recently, warning businesses of an ongoing BEC campaign that does just that.
The fraudsters would impersonate current, or former, employees of existing, legitimate US-based businesses. In some cases, the two firms work together (or have done so in the past).
Rising popularity of BEC
The attackers would then initiate a purchase of certain commodities, tricking the victim into shipping them out to a physical address under the fraudsters’ control. The victims would only realize they were defrauded when they sought to collect payment.
In some cases, that wouldn’t happen for the next couple of months, as the fraudsters would often apply, and be granted, credit repayment terms known as Net-30 and Net-60. They would provide fake credit references and fraudulent W-9 forms which would allow them to initiate additional purchase orders without paying for them upfront.
While this type of attack is low-complexity and doesn’t require any specific technical knowledge or expertise, it does require insights into how business payments usually work, which would mean the attackers did their homework.
In fact, BEC is so easy to pull off, that it recently surpassed ransomware to become the number one most popular type of cybercrime in the world. According to a recent report from cybersecurity experts Secureworks the number of BEC incidents doubled in the past year, to become the most common type of attack.
The fraudsters are after a wide variety of commodities, the FBI claims, including construction materials, agricultural supplies, computer technology hardware, or solar energy products.
- Check out the best ID theft protection right now