In line with trends in the US, the number of Australian victims to business email compromise (BEC) fraud is on the rise.
There were 243 victims of BEC fraud in the first quarter of 2016-2017 Australian financial year, according to figures in a new report on organised crime by the Australian Criminal Intelligence Commission (ACIC).
There were 749 cases reported in 2015-2016, the first full financial year that ACORN collected data on BEC fraud. The new numbers suggest victim numbers are on the rise.
ACIC didn’t report the value of losses, however the FBI says BEC fraud has grown into a multibillion dollar threat, affecting tens of thousands of firms around the world.
BEC is a type of phishing that usually involves tricking a target into wiring funds to a fraudster’s account. Fraudsters adopt multiple identifies, ranging from the CEO or CFO of a company, to suppliers, a lawyer or any other identity a victim might expect to communicate with in the course of normal business. Over time they’ll convince the victim to wire funds that would normally be paid to a supplier. Often the attackers compromise a target’s email to study patterns of behavior.
It’s considered a low-tech but sophisticated crime as it relies on highly targeted social engineering without necessarily compromising a victim’s network.
The FBI estimates BEC fraudsters have attempted to scam $5.3bn from organizations since 2013. Over 40,000 organizations from 132 nations have been targeted, though actual losses are less than $5.3bn.
Last August Brisbane City Council lost $450,000 to BEC fraudsters after making nine transfers it believed were payments to a professional services supplier.
Facebook and Google were reportedly the victims of a BEC scammer who’d cheated both firms of $100m over two years, posing as Taiwanese hardware maker Quanta Computer.
ACIC’s report classifies BEC fraud as one of the main components of cybercrime, itself one of several serious financial crimes along with card fraud, investment fraud, tax fraud, and superannuation fraud.
The report also identified encryption and encrypted messaging apps as a key enabler of organized crime.