FBI warns Business Email Compromise attacks are now targeting commodities


The U.S. Federal Bureau of Investigation has warned that criminal actors are using Business Email Compromise schemes to facilitate the acquisition of a wide range of commodities.

BEC, a form of fraud enabled by social engineering, is not new: a report in September found that one-third of all cyberattacks now involved BEC. Typically, though, such attacks aim to steal money. The FBI warning details that those behind the attacks are now also targeting tangible goods.

According to the FBI, criminal actors are impersonating the email domains of legitimate companies to initiate the bulk purchase of goods from vendors across the U.S. The email messages sent to vendors appear to come from known sources of business, so vendors assume the purchase orders are legitimate business transactions and fulfill them for distribution.

Randomly buying goods would typically cause an alert due to non-payment, but those behind the BEC attacks exploit commercial credit repayment terms such as Net-30 and Net-60, meaning they are not required to pay immediately for goods purchased. Added to the mix, the criminals behind the attacks also provide vendors with fake credit references and fraudulent W-9 forms to further appear legitimate.

Targeted vendors are said to discover the fraud only after attempts to collect payment are unsuccessful, or after contacting the company they believed had initially placed the purchase order and being told that the source of the emails was fraudulent.

The types of tangible goods targeted are also surprisingly specific, with the FBI saying that attacks have targeted construction materials, agricultural supplies, computer technology hardware and solar energy products. The goods tend to have a high value and are presumably easy to sell under the radar once obtained.

The FBI is warning all businesses to verify the source of any email order by directly calling a business’s main phone line to confirm the employment status of the email originator. Companies should also ensure that the email domain address is associated with the business it claims to be from, and employees should not click on any links provided in emails.
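The domain check described above can be partly automated at order intake. The Python sketch below is an added example, not code from the FBI warning or this article: it holds a purchase-order email for a phone call-back when its From domain is not a verified customer domain or is a near match of one. The customer domains, the sample message and the edit-distance threshold of 2 are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed customer records: domains confirmed out of band (e.g. by phone).
KNOWN_DOMAINS = {
    "acme-construction.example": "Acme Construction",
    "sunfield-solar.example": "Sunfield Solar",
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(domain, max_distance=2):
    """Return (verdict, customer); verdict is verified, lookalike or unknown."""
    if domain in KNOWN_DOMAINS:
        return "verified", KNOWN_DOMAINS[domain]
    for known, customer in KNOWN_DOMAINS.items():
        if edit_distance(domain, known) <= max_distance:
            return "lookalike", customer
    return "unknown", None

def review_order_email(raw):
    """Decide whether a purchase-order email needs a call-back before fulfilment."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    verdict, customer = classify(from_dom)
    reasons = []
    if verdict != "verified":
        reasons.append(f"From domain {from_dom!r} is {verdict}")
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom!r} differs from From")
    return {"customer": customer, "hold": bool(reasons), "reasons": reasons}

# Constructed sample: one character swapped in a known customer's domain.
SAMPLE = ("From: Purchasing <orders@acme-constructi0n.example>\n"
          "Subject: PO 1182, Net-30 terms\n\nPlease ship per attached order.\n")
```

A "verified" result only means the From header carries a known domain; that header can be forged, so the check supplements the phone call-back and does not replace it.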

“The FBI’s warning emphasizes the need for continued vigilance and improved cybersecurity measures, particularly for businesses that regularly transfer large sums of money,” James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “With increased awareness of these types of attacks for users responsible for transferring funds, they need to be aware of the tactics used by cybercriminals and learn to verify the authenticity of any request for funds or sensitive information.

“Preventing this type of fraud requires a comprehensive approach involving both technological and human elements,” McQuiggan added. “Organizations must implement technical safeguards, such as two-factor authentication and encryption while prioritizing employee education and training to increase awareness of the tactics used by cybercriminals.”

Photo: Mayland GovPics/Flickr
