Criminals are using business email compromise (BEC) techniques to scam vendors across multiple industries, including computer hardware vendors, warns the FBI. The criminals obtain products without paying for them, making it essential for businesses to be cautious.
A common approach in BEC attacks is to trick the victim into sending payments to the attacker’s account, stealing money. The strategy takes advantage of the fact that many people rely on email to carry out their personal and work-related activities.
In 2021, BEC scams led to losses of nearly $2.4 billion in the United States alone, according to FBI reports. The figure is primarily based on the 20,000 complaints received by the agency that year.
The FBI has discovered that scammers are using fake acquisition schemes to trick vendors into providing various products across the country.
How Do Skilled Scammers Execute BEC Attacks?
In a notification issued on March 24, the law enforcement agency warned that criminals are spoofing legal United States based firms by faking their email domains. This enables them to make bulk purchases from vendors across the country.
To trick victims into disclosing important information, scammers use spear phishing techniques to create email messages that appear to come from a trusted source.
According to the FBI:
Thus, victimized vendors assume they are conducting legitimate business transactions fulfilling the purchase orders for distribution.
Malicious actors can secure specified payment terms that enable them to buy additional items without making an upfront payment by utilising fake credit references and fake W-9 forms. This enables them to avoid detection and continue with their fraudulent activities.
The FBI has stated that the fraudulent actors behind this type of scam are targeting commercial goods such as construction materials, agricultural products, computer systems, and solar energy products.
Although spoofing an email address only requires a basic understanding, these fraudsters have expert knowledge of company payment systems and are able to hide their fraudulent activities successfully. Once given a credit payback period of 30 or 60 days, the fraudsters can initiate more purchase orders without paying in advance.
Recommendations for Preventing Such Scams
It is important to be cautious about sharing personal information on social media and other online platforms. Cybercriminals often use social engineering techniques to collect information such as your pet’s name, the schools you attended, and your birthday. This information can be used to create targeted attacks against you.
Avoid replying to any spam emails or texts that urge you to update or confirm account information. These could be phishing attacks, designed to trick you into divulging your personal information. Instead of using any phone number provided in the message, call the company directly to verify the validity of the request.
Always check the email address, URL, and spelling used in any correspondence, as scammers use minor modifications to trick and gain your trust.
Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.