A sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments is making the rounds, involving the recruitment of money mules and fraudulent “business opportunities.”
The US federal Internet Crime Complaint Center (IC3) is warning that the Business E-mail Compromise (BEC) gambit, formerly known as the man-in-the-email scam, is actively recruiting victims to receive fraudulent funds into their personal accounts in exchange for a commission—who are then directed to quickly transfer the funds using wire transfer services or another bank account, usually outside the US. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for the transfers.
Upon direction, mules may sometimes open business accounts for fake corporations, both of which may be incorporated in the true name of the mule.
In another version, attorneys are targeted to represent supposed BEC litigants in a payment dispute. Retainers in the form of checks are purportedly sent by the litigants to the attorney; but the scam is revealed when either the checks are found to be fraudulent or the BEC litigants are contacted and found to have never retained that attorney for legal assistance.
The BEC scam is linked to other forms of fraud too, including romance, lottery, employment and home/vacation rental scams.
In 2014, the scam managed to lift roughly $214 million worldwide ($180 million domestically, and $34 million abroad), with 2,126 victims spread across every US state and 45 countries.
“It is still largely unknown how victims are selected; however, the subjects monitor and study their selected victims prior to initiating the BEC scam,” the IC3 said in its advisory. “The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment.”
Victims may also first receive phishing emails requesting additional details of the business or individual being targeted, and some victims reported being a victim of various scareware or ransomware cyber-intrusions.
“The victims of the BEC scam range from small to large businesses,” the IC3 said. “These businesses may purchase or supply a variety of goods, such as textiles, furniture, food and pharmaceuticals. This scam impacts both ends of the supply chain, as both supplies and money can be lost and business relations may be damaged.”