More than you might initially think. But before you rush off to warn your single colleagues, friends and employees about the dangers of online dating, you may like to read CrowdStrike’s latest Intelligence Report, “Nigerian Confraternities Emerge As Business Email Compromise Threat”.
The report delves into the observed patterns, operations and criminal gangs behind the growing number of business email compromise (BEC) scams. Businesses should be aware of this type of security threat for network defense purposes.
What is Business Email Compromise?
Business email compromise (BEC) is a form of fraud. Criminals gain the trust of victims and compromise legitimate business email accounts through social engineering or computer intrusion techniques in order to conduct unauthorized transfers of funds or to have valuable data sent to criminally controlled accounts. This type of fraud is facilitated by the cybercriminal’s ability to convince the victim that a trusted party is actually asking or instructing them to carry out a transaction for legitimate purposes.
BEC occurs when “a criminal compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds”, according to the FBI’s Internet Crime Complaint Center (IC3).
How Serious Is Business Email Compromise And How Much Does BEC Cost?
Like all eCrime, business email compromise is a global problem that affects all geographical regions and involves actors conducting fraud on multiple continents. The magnitude of BEC fraud has only recently begun to be understood.
BEC has become a huge challenge for businesses and law enforcement agencies. The FBI estimates that this fraud has resulted in billions of dollars stolen from large and small businesses alike.
The FBI’s Internet Crime Complaint Center released its 2017 Internet Crime Report on May 8. Business email compromise (BEC) incidents, which have been a growing trend in recent years, were the top complaint received by the IC3 last year. The IC3 reported that it received 15,690 BEC complaints in 2017, accounting for losses of $675 million. This compares with 12,005 BEC complaints amounting to losses of more than $360 million USD received by the IC3 in 2016. Over the seven-year period from 2000 to 2017, the IC3 received more than 4 million victim complaints.
CrowdStrike has observed single BEC cases that have resulted in financial losses in the seven figures. This type of business email compromise is expected to remain a high threat for the foreseeable future.
For comparison, in 2016 the IC3 received almost 15,000 complaints categorized as romance scams (also known as confidence fraud) with the reported losses associated with those complaints exceeding $230 million. However, these figures are expected to be very conservative with the FBI estimating that only about 15 percent of these crimes are reported. This is because many of the victims experience disbelief, shame and humiliation and feel embarrassed to share or report their loss.
The Link Between Romance Scams And Business Email Scams
BEC, like the well-known Nigerian romance scams, has been perpetrated by Nigerian groups and individuals. These ruthless Nigerian eCriminal gangs and individuals, in some cases young university students driven by the lure of easy riches, are financially motivated to conduct wire fraud, romance scams, money laundering, and business email compromise (BEC).
These scammers are well-organized and have moved beyond the advanced-fee fraud (or Nigerian criminal code “419 fraud”), including the well-known “Nigerian Prince” scams, to much more sophisticated BEC scams which involve elaborate and complex money laundering operations. Analysis by CrowdStrike Intelligence shows that larger and more sinister Nigerian criminal groups are involved in BEC, specifically Nigerian Confraternities.
While there have been plenty of documented cases of romance scams leaving broken-hearted victims in emotional distress and financial ruin, a clear link between these Nigerian cybercriminals and BEC scams has more recently emerged. Victims of romance scams are being used to facilitate BEC scams by acting as money mules for fraudulent money transfers.
BEC: An Advanced Form of eCrime
The FBI considers romance scams a “secondary scheme associated with BEC” because victims of this type of fraud have been used as money mules to cash out or transfer money stolen through BEC. When BEC scams are combined or conducted in conjunction with romance scams, money mule recruitment, and complex money-laundering operations, they present an enormous challenge to law enforcement, businesses, cyber security firms, and individuals. These scams are crimes that support one another and as such should be considered an advanced form of eCrime.
Criminals rely on human nature and our willingness to trust people. Once trust is established with their victims, these scammers can carry out their intent to use their victims as “mules” to transfer money, cash fake checks, make deposits, accept and ship stolen goods, and more.
CrowdStrike notes that there have been multiple open-source reports describing how money stolen through BEC fraud is directed to bank accounts in China, particularly Hong Kong. The IC3 has tracked fraudulent bank transfers to 72 countries, with the majority of these going to banks in China and Hong Kong.
CrowdStrike Report: Key Points
The key points and observations from the CrowdStrike Threat Intelligence report are:
- Three different types of BEC scams were observed: wire transfer attempts, payroll fraud, and compromises leading to follow-on spam campaigns.
- In many BEC cases, Office 365 (or G Suite) accounts are being compromised because two-factor authentication (2FA) was not enabled.
- eCrime campaigns using the Netwire remote access tool (RAT) are tied to Nigerian BEC fraud and have affected companies in the energy, travel, financial, and hospitality sectors.
- Money stolen through BEC fraud is primarily directed to bank accounts in China, particularly Hong Kong.
- Although the perpetration of Nigerian 419 scams is not as advanced technically as the activity conducted by Russian actors who develop and manage sophisticated banking Trojans, Nigerian BEC scams are just as advanced given their global scale, the amount of money involved, and the advanced money laundering techniques that include the use of banks in China.
- The threat posed by Black Axe and similar Nigerian eCriminal groups will remain high for the foreseeable future, and BEC will remain an effective eCrime technique in the near to mid-term.
Key Takeaway Messages From The CrowdStrike Report
To protect your enterprise from being the target of a business email compromise attack, ensure that you have adequate email security to block spammers, malware, and non-malware based threats. Be proactive with your cyber security measures through threat hunting, and secure your user accounts with two-factor authentication. In addition, educating employees about email fraud and social engineering schemes to raise awareness across the organization adds another layer to your enterprise cyber defenses.
For help on finding the right technology tools and solutions, including email security, advanced threat detection and two-factor authentication, and employee cyber-awareness education, contact Ascension Global Technology.
Resources
CrowdStrike Intelligence Report: CSIR – 18004 Nigerian Report
FBI’s Internet Crime Complaint Center 2017 Internet Crime Report
Online Imposters Break Hearts and Bank Accounts
How A Billion-Dollar Internet Scam Is Breaking Hearts And Bank Accounts