FBI warns of criminal hackers using BEC tactics to facilitate acquisition of commodities, defrauding vendors

The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public of criminal hackers using Business Email Compromise (BEC) schemes to facilitate the acquisition of commodities and defraud vendors. Hackers continue to target and acquire various commercially available goods, such as construction materials, agricultural supplies, computer technology hardware, and solar energy products.

“Criminal actors impersonate the email domains of legitimate U.S.-based companies using spoofed email domain addresses and the display names of current or former company employees, as well as fictitious names to initiate the bulk purchase of goods from vendors across the U.S.,” the FBI said in its announcement. “As a result, email messages sent to vendors appear to come from known sources of business. Thus, victimized vendors assume they are conducting legitimate business transactions fulfilling the purchase orders for distribution.”

To further delay discovery of the fraud, criminal hackers apply for, and are often granted, credit repayment terms known as Net-30 and Net-60 terms, providing fake credit references and fraudulent W-9 forms to vendors, the FBI detailed. The repayment terms allow the criminals to place additional purchase orders without providing any upfront payment.

The agency added that the victimized vendors ultimately discover the fraud after attempts to collect payment are unsuccessful or after contacting the company they believed had initially placed the purchase order, only to be notified that the source of the emails was fraudulent.

To reduce the chances of becoming a victim, the FBI called upon individuals and organizations to verify the source of an email by directly calling the business’s main phone line to confirm the identity and employment status of the email originator, rather than calling numbers provided in the email itself. It also suggests confirming that the email’s domain is actually associated with the business it claims to be from, and not clicking on any links provided in emails; instead, type the URL/domain of the source directly into the browser.
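The FBI’s advice maps onto checks a vendor’s mail gateway or accounts-receivable team can make mechanically before acting on a purchase order: does the sender domain match a customer the vendor actually does business with, or merely resemble one; did the message pass DMARC for that domain; do the embedded links point somewhere other than the sender’s domain; and is a newcomer asking for Net-30/Net-60 credit. The following added example is not code from the FBI announcement or from any vendor; the two raw messages and the list of known customer domains are constructed for illustration, and the edit-distance threshold and header names are assumptions a deployment would tune.

```python
"""Added example: triage an inbound purchase-order email for the BEC indicators
the FBI describes (lookalike or unknown sender domains, borrowed display names,
links pointing elsewhere, requests for credit terms). Sample data is constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlparse

# Constructed: domains of customers this vendor has actually done business with.
KNOWN_CUSTOMER_DOMAINS: Set[str] = {"acme-construction.com", "globex.com"}

# Constructed message modelled on the scheme in the announcement: a plausible
# employee display name, a one-character lookalike domain, an off-domain link,
# and a request for Net-30 terms. (Note "constructlon" with an "l".)
SAMPLE_EMAIL = """\
From: "Jane Doe, Procurement" <jane.doe@acme-constructlon.com>
To: sales@vendor.example
Subject: Bulk PO - lumber and solar panels, Net-30 terms
Authentication-Results: mx.vendor.example; dmarc=none header.from=acme-constructlon.com

Please see the PO and our W-9 at https://acme-constructlon-docs.xyz/po/4471
and confirm Net-30 terms so we can proceed.
"""

# Constructed message from a real, known customer for comparison.
CLEAN_EMAIL = """\
From: "Sam Lee" <sam.lee@globex.com>
To: sales@vendor.example
Subject: Reorder of fencing materials
Authentication-Results: mx.vendor.example; dmarc=pass header.from=globex.com

Please ship the usual order to the Springfield site; PO attached.
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; small distances flag lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> Tuple[str, str]:
    """Split a From header into (display name, lowercased sender domain)."""
    name, addr = parseaddr(from_header)
    return name, addr.rsplit("@", 1)[-1].lower()


def lookalike_of(domain: str, known: Set[str], max_distance: int = 2) -> Optional[str]:
    """Return the known domain this one imitates; None if it is known or unrelated."""
    if domain in known:
        return None
    for candidate in known:
        if levenshtein(domain, candidate) <= max_distance:
            return candidate
    return None


def link_hosts(body: str) -> List[str]:
    """Hostnames of every http(s) URL found in the message body."""
    return [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", body)]


def triage(raw: str, known: Set[str]) -> Dict[str, object]:
    """Apply the checks and return the indicators found plus a verdict."""
    msg = message_from_string(raw)
    name, domain = sender_domain(msg["From"])
    findings: List[str] = []

    imitated = lookalike_of(domain, known)
    if imitated:
        findings.append(f"sender domain {domain} resembles known customer {imitated}")
    elif domain not in known:
        findings.append(f"sender domain {domain} is not a known customer")

    # Assumed header name: the receiving MTA's Authentication-Results stamp.
    if "dmarc=pass" not in msg.get("Authentication-Results", ""):
        findings.append("message did not pass DMARC for the sender domain")

    for host in link_hosts(msg.get_payload()):
        if host != domain and not host.endswith("." + domain):
            findings.append(f"link host {host} does not match sender domain")

    if domain not in known and re.search(r"\bnet[- ]?(30|60)\b", raw, re.I):
        findings.append("unknown sender requests Net-30/Net-60 credit terms")

    verdict = "verify out of band via the company's main line" if findings else "no indicators"
    return {"display_name": name, "domain": domain, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        result = triage(raw, KNOWN_CUSTOMER_DOMAINS)
        print(label, result["verdict"])
        for f in result["findings"]:
            print("  -", f)
```

The display name is deliberately not used as evidence of legitimacy: the FBI notes attackers borrow the names of real current or former employees, so only the domain, its authentication result, and the out-of-band phone call carry weight. A DMARC pass is also necessary but not sufficient, since a lookalike domain the attacker registered can publish its own valid SPF/DKIM records, which is why the lookalike check runs independently.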

Last May, FBI data identified BEC as a ‘$43 Billion Scam’ that continues to grow and evolve, targeting everything from small local businesses to large corporations, as well as personal transactions. Between July 2019 and December 2021, there was a 65 percent increase in identified global exposed losses, where exposed loss means the dollar figure that includes both actual and attempted loss in U.S. dollars. The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers.

Additionally, based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore. The IC3 has also received an increased number of BEC complaints involving the use of cryptocurrency.

The latest warning follows a December alert by the FBI, the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) that cautioned organizations in the food and agriculture sector of recently observed incidents of criminal hackers using BEC techniques to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The agencies identified the emergence of the BEC tactic as ‘one of the most financially damaging’ online crimes.

In January, Mandiant researchers said that they have analyzed a dataset of over 1700 unique, industrial-themed phishing samples delivered to organizations worldwide in 2022. The team built the dataset using a specialized set of industrial-related keywords to search through millions of samples and pinpoint phishing emails impersonating email communications from personnel operating or handling operational technology (OT) and industrial processes.

The researchers said that phishing campaigns vary in lure complexity, tooling, volume, and objectives. However, what most phishing campaigns have in common is that they reveal little context about an actor’s end objectives given that they represent the earliest stages of a mission. Seemingly simple phishing that is not necessarily targeted to specific victims can branch out into entirely different post-compromise activity, such as BEC, ransomware deployment, espionage, data leaks, or cyber-physical attacks.
