FBI — business email compromise is one of the biggest threats your firm faces right now

A business doesn’t have to wire money to a fraudster’s account to be a victim of a Business Email Compromise (BEC) attack, as hackers are using known tactics to steal goods and commodities, too, a new FBI alert has warned.

The US law enforcement agency released a public service announcement recently, warning businesses of an ongoing BEC campaign that does just that. 

The fraudsters would impersonate current, or former, employees of existing, legitimate US-based businesses. In some cases, the two firms work together (or have done so in the past).

Rising popularity of BEC

The attackers would then initiate a purchase of certain commodities, tricking the victim into shipping them out to a physical address under the fraudsters’ control. The victims would only realize they were defrauded when they sought to collect payment.

In some cases, that wouldn’t happen for the next couple of months, as the fraudsters would often apply, and be granted, credit repayment terms known as Net-30 and Net-60. They would provide fake credit references and fraudulent W-9 forms which would allow them to initiate additional purchase orders without paying for them upfront. 

While this type of attack is low-complexity and doesn’t require any specific technical knowledge or expertise, it does require insights into how business payments usually work, which would mean the attackers did their homework.

In fact, BEC is so easy to pull off that it recently surpassed ransomware to become the most popular type of cybercrime in the world. According to a recent report from cybersecurity experts Secureworks, the number of BEC incidents doubled in the past year, making it the most common type of attack.

The fraudsters are after a wide variety of commodities, the FBI claims, including construction materials, agricultural supplies, computer technology hardware, or solar energy products.

Sead Fadilpašić