Business Email Compromise (BEC) Scams

As long as email addresses exist, we will get to see email scams. Usually, security vendors & organizations are working to protect against the common phishing scam types. But cyber attackers always remain one step ahead, adapting their tactics to get around the established security controls. Let's learn about the Business Email Compromise, the short form of which is BEC.

 What Is Business Email Compromise (BEC)?

Business email compromise refers to a kind of cyber attack where emails are used by scammers to trick people into sharing confidential information or sending money. Hence, the cybercriminals act as a trusted figure. After that, they ask for a fake bill to be paid or some information that they can use in another scam. These scams are increasing continuously because of the increased remote work. According to the reports, about 20,000 BEC complaints were made to the FBI last year.

 How Does a Typical BEC Attack Work?

In the Business Email Compromise (BEC) Scams, an attacker can be seen acting like someone whom the receipt believes — mainly a vendor, boss or colleague. You should know that these attacks are hard to detect as they never use malware or malicious URLs, which can be analyzed with standard cyber defenses. These attacks depend on impersonation & other social engineering techniques for tricking people into interacting on the behalf of the attacker.

 The use of social engineering, along with the targeted nature, is responsible for making the manual investigation & remediation of the attacks difficult & time-consuming. These scams use different impersonation techniques like domain spoofing & lookalike domains. As domain misuse is a complex issue, the attacks are effective. It is difficult to stop domain spoofing, but more challenges can be faced when you try to anticipate each potential lookalike domain. You should know that these attacks do not require any tradecraft or any advanced tool for execution. Hence, we have given the process through which a typical BEC attack runs:

 Phase 1) Research & Identify Targets:

These attacks are mainly focused on the employees or executives authorized for making payments on behalf of the companies. Cybercriminals perform reconnaissance continuously over days or weeks. Generally, the BEC targets are CEOs, lawyers, & accounts payable personnel.

 Phase 2) Set Up the Attack:

While mass phishing emails follow a "spray and pray" approach, these BEC attacks come across as legitimate. Scammers perform different activities like spoofing email addresses or creating lookalike domains, impersonating reliable vendors, etc., to prepare for the attack.

 Phase 3) Execute the Attack:

The BEC attack may occur in an email or an entire thread based on the thoroughness of the adversary. Often, the communication uses urgency, persuasion, and authority to get a victim's trust. The perpetrator can offer wire instructions to the victim to make payment to a fraudulent account easier.

 Phase 4) Disperse Payments:

As soon as attackers get the money, they collect it quickly and disseminate it across many accounts. Thus, they can decrease traceability & retrieval chances. For cybersecurity incidents, rapid response times are very important. If any organization can't detect a successful BEC attack quickly, it's unlikely that the money is going to be recovered.

 Common Types of Business Email Compromise (BEC) Scams:

Five types of BEC attacks are there:

 CEO Fraud: Cybercriminals act as the company's CEO or executive and they send an email to a person or employee who works within the finance department. The email asks the individual to transfer money to an account that the attacker controls.

 Account Compromise: In this case, attackers hack an employee's email account to request payments to vendors. After that, they use the account to send payments to fake Bank accounts that they own.

 False Invoice Scheme: This tactic is used to attack foreign suppliers. Scammers act as the suppliers and request foreign suppliers to transfer money to the fake accounts.

 Attorney Impersonation:

It happens if a cybercriminal impersonates a lawyer or legal representative. In these kinds of attacks, mainly lower-level employees are targeted.

 Data Theft: HR employees are attacked in this case with the intention of getting sensitive information about someone who works within the organization, like CEOs and executives. After that, data is possible to be leveraged for future attacks like CEO Fraud.

 Common BEC Attack Techniques:

Five common attack techniques are as follows:

 Exploiting Trusted Relationships:

In order to exploit an existing trusted relationship, cybercriminals make a concerted effort. Exploitation might take multiple forms, like a vendor who requests invoice payments, an executive who requests iTunes gift cards, and many more.

 Replicating Common Workflows:

Countless number of business workflows are executed every day by a company and its employees. While multiple workflows depend on automation, many workflows are conducted over email. These workflows are replicated by the BEC attacks to fulfill their targets before victims get any idea.

 Suspicious Attachments:

These are linked to malware in email attacks. However, attachments which are used in these attacks can forego malware in exchange for fake invoices.

 Socially Engineered Content & Subject Lines:

BEC emails depend on subject lines that want to induce quick action. These are a few terms used in subject lines:

• Request
• Overdue
• Hello FirstName
• Payments
• Immediate Action

Leverage Free Software:

In order to lend these scams, hackers use the software that is available for free. It assists emails in sneaking past security technologies that can block bad domains. For instance, SendGrid is used for making spoofed email addresses, whereas Google Sites are used to stand up phishing pages. Attackers use Google Forms & Docs to extract sensitive data from victims. Hosting fake invoices along with 0-day phishing links is possible by attackers in Google Drive and Box.

Things to know:

• You must be aware of every information you share online or on social media. When you share your pet name, the school you attended, identity like profile links of your family members, and your birthday online, a scammer gets all the information they require to guess the password.

• Ensure that you are not clicking on anything in a text message or an unsolicited email that wants you to update or verify your account details. Hence, you need to find the phone number of the company yourself instead of believing and using the phone number given by the scammer. After finding the number yourself, you should call the company to ask whether the request you have received is legitimate or not.

• You must examine the URL, email address, and spelling used in any correspondence. Scammers trick you with little differences because they intend to gain your trust.

• You have to be careful about what you download. There is no need to open an email attachment from those whom you do not know.

• Try to set up two-factor authentication or multi-factor authentication on such accounts that permit it and never disable this.

• You should verify the payment & purchase requests, or you can call the person to ensure that it is legitimate.

Protect Against BEC Attacks— How to do it:

You should know that a successful BEC attack is very costly and can damage an organization. But defeating these attacks is possible by taking some easy email security precautions, such as:-

Anti-Phishing Protections:

You should know that BEC email is a kind of phishing. Therefore, you have to deploy anti-phishing solutions to protect against them. This solution must be able to identify red flags of BEC emails, such as reply-to addresses that are not similar to the sender addresses. Also, it should be able to use machine learning to identify the email language to indicate an attack.

Employee Education:

These attacks generally target employees of a company. So, employees need to be trained properly so that they can learn how to detect a BEC attack and respond to it. Thus, it is possible to minimize the threat of this kind of phishing.

 Separation of Duties:

The attacks aim to trick employees so that they get involved in high-risk activities such as sharing sensitive information or sending money without verifying the request. Try to implement policies for these actions that need independent verification from a second employee. In this way, it is possible to reduce the risk of these attacks.

Labelling External Emails:

These attacks  want to impersonate internal email addresses with the help of domain spoofing or lookalike domains. You can try to configure email programs with the intention of labelling emails (that comes from the outside of the company) to defeat the tactic.

Conclusion:

Impostor emails are created for the purpose of impersonating a person whom your users trust and trick them into sending personal information or money to the cyber criminals.

Frequently Asked Questions

• What are the different types of BEC?

Usually, there are two types of buckets under which the attacks fall: spear-phishing & social engineering attacks.

• What is the most common type of BEC?

An invoice or urgent payment required scam is the most common type of BEC attack.

• What is the biggest BEC attack?

The biggest Business Email Compromise (BEC) Scams to date is "Facebook & Google: $121m BEC scam".

 

Money Mule Scam

Scammers basically try to use you for stealing money. So, it is essential that you are not helping them. If you do so, you will be called a money mule.

Money Mule Scam can happen in different ways. It can be related to online dating, work-at-home jobs, or prizes. Scammers sometimes pay people by check. After that, scammers ask them to send some of this to another person. They want people to use gift cards or wire transfers. Obviously, they will not tell you that the money is stolen. They will lie about the reason for sending it. Remember that it is only a scam, not a relationship, job, or prize.

What is a money mule?

A money mule indicates a person who is responsible for receiving and moving money that is coming from victims. While a few money mules know that they are assisting in criminal activity, a few money mules don't know that their activities are helping fraudsters. Suppose, a person whom you don't know sends you money. Then he or she asks you to forward or transfer the money. Then you are fueling the fraud and serving as a money mule.

How does money mule scam work?

Money mules come from online job sites, dating sites, social networking sites, online classifieds, and Dark Web Forums. Once a criminal recruiter gains your trust or the victim whose money is acquired, they entice you by offering jobs or setting up a fake relationship. Their task is to convince you to open a new bank account or any existing personal account to receive money sent by criminals. After that, criminals send money to the account where the money will be deposited. They give exact details related to the fund transfer. Sometimes they tell you to withdraw money as cash, use it to purchase a gift card, or convert it to virtual currency, such as Bitcoin.

What Are the Consequences?

Money mule scams can affect your financial future, resulting in incarceration. Money mules can charge the following:

• Mail fraud 
• Wire fraud 
• Bank fraud 
• Money laundering 
• Aggravated identity theft

Engaging in these activities can allow criminals to steal your personal information and use these illegally. If someone is caught acting as a money mule, they must repay the acquired money. It can also result in frozen assets, damage to the credit score, etc.

Who is at Risk?

Usually, the target of criminals is students who are searching for work or those who are on dating websites.

What Are the Signs?

These are the signs:

Work-from-Home Job Opportunities:

• You receive an unsolicited email that offers easy money without any effort. 
• Unknown people tell you to open a bank account online in your name. 
• Being an employee, you are said to get the money in your bank account. 
• There is no particular job description for your duties.

Dating & Social Media Sites:-

• Online contacts or someone you never met tells you to receive money & forward the funds to others.

Protect Yourself:-

• Search on the web to check if the job offering company is legal. 
• Never go with any job offer asking you to transfer money from your bank account. Legitimate companies never tell you to do this. 
• Be aware if someone on the internet wants to use your bank account to receive money. 
• Ensure that you don't give your financial details to those people who are unknown (mainly to online strangers).

How to avoid it?

These are some tips that you need to follow to prevent yourself from being a money mule:

• You must not agree to send money to someone whom you don't know or receive it. 
• Never take those jobs offering money easily. 
• Never open a bank account or cryptocurrency account based on another's direction. 
• Despite receiving money first, you should not send money to any online love interest. 
• Never spend money on getting a prize. 
• You must not open any links in emails sent from an untrusted source. 
• Banks don't call people or send SMS to get personal details such as Account Details, Passwords, or OTP. 
• Never share the Net Banking credentials with others.

What to do if you find yourself involved in a money mule scam?

When you transfer money on behalf of others, criminals can get huge advantages, even you can lose money or be put in Jail. If you find yourself involved in a money mule scam, you can do these things following:

• You should not communicate with those asking you to move money or property. 
• Inform your financial institution and ask them to change accounts. 
• You need to report it to local law enforcement and at reportfraud.ftc.gov. 
• International crime networks use money mules to steal money from businesses. That's why people like you must stay alert and notice the warning signs.

Conclusion:

During the COVID pandemic, the online bank scams increased in the United States. So, you need to be informed and protect your personal information. You should not share your bank accounts with online acquaintances.

Frequently Asked Questions:

Q. How does a money mule scam work?

When a money mule transfers acquired money illegally on behalf of others, it is called a money mule scam.

Q. What is a money mule romance scam?

It is a scam where vulnerable adults receive money from unknown people or those who have gained their trust.

Q. Can a money mule go to jail?

If any money mule is caught moving stolen funds, they will be put into jail, even for this crime, they can get a 14 years prison sentence.

Stock Parking

Do you know what stock parking is? It is a practice where a group of people lends their accounts to a person for purchasing and holding the shares. Market manipulators use this tactic to cloak their manipulative works. You will be called "figureheads" if you lend your account to market manipulators.

It is common for banks and companies as these hold custody of their client's assets. But, market manipulators usually abuse this practice to circumvent regulatory requirements or commit illegal acts. Manipulators compensate the figureheads and give them money to control accounts like stock trading and give instructions for voting corporate actions. Let's dig into the article to know about stock parking in detail.

What is Stock Parking?

Stock parking is an illegal practice where people sell their shares to other people by letting them know that the actual owner of the share will purchase them back after a short time. Its target is concealing a stock's real ownership & maintaining the appearance of regulatory compliance.

It occurs when someone buys a share, but it is held by the 3rd party temporarily before being placed in the account of the final client. Brokers can obviate regulatory disclosures of specific positions & transactions because stock parking is not legal.

Stock Parking Explained:

As we have told before, it is an illegal measure where brokers sell shares to a party, and later the party will sell it to the original broker with a profit to the receiving broker. Hence, the target is to decrease the position for disclosure deadlines. Parking stocks are mainly done by brokerages for keeping holdings clean under Securities and Exchange Commission (SEC) guidelines during disclosure periods. Otherwise, they do so to appear as if they fulfilled all the obligations by the settlement date for a specific trade.

A stock broker can park stocks without the knowledge of the employers. Hence, they can shift their shares to the brokerage's internal regulations to conform instead of avoiding an SEC violation. It can sometimes happen that two stockbrokers collude for their profits without knowing about each other's companies with this arrangement. To avoid the disclosure of long-term holdings is one of the intentions of brokers also. In this case, the reason may be that the whole holdings can not withstand federal scrutiny when all long-term holdings are retained by them. Otherwise, the reason is that the brokerage firms are holding penalties for aged stocks.

Common Illegal Acts:

We have given here some common illegal acts which are related to stock parking.

Market Rigging:

Market manipulators usually buy stocks & sell them with figurehead accounts, just like the "ping pong" game. They also give instructions to the figureheads with different brokers when or what stocks they have to buy and sell. After that, they dump the stock at an expensive rate.

Vote Planting:

The market manipulators can arrange for the figureheads to vote in a shareholder meeting so that they can secure approval for corporate actions like rights problems with high subscription ratio and price discount.

Circumventing Regulatory Requirements:

They conceal their original shareholding with the help of this practice to evade specific regulatory requirements. For instance, they may need to make a general offer to purchase shares that are left in a company by holding shares of 30% or more.

Cornering Of Placing Shares In GEM Listing Activities:

Several placement-only GEM listings viewed placing agents for allocating a small share to many retail investors to fulfil the minimum number of shareholders. This move is called as cornering of shares. As a result, shareholding is concentrated highly in the arms of market manipulators.

They can use the figurehead accounts to manipulate share rates upon listing. As a result, they experience a price surge of 10 times or more for luring retail investors into taking up these stocks.

Trading practice via figurehead accounts undermines the market's transparency. It can cover up the company's "true" shareholding distribution to prevent investors from getting a complete picture for making informed decisions. But those in the dark are capable of making erroneous investment decisions. Recently, a few small-cap stocks were available to have several shareholders. But they were highly concentrated among some shareholders.

Parking vs. Kiting:

The term "Parking" mainly refers to a form of share kiting. Hence, brokerage firms intend to cover undeclared short positions, the stock of which wasn't given by the settlement date. Instead of performing a buy-in transaction, firms are colluding with one another. In this case, these delay the settlement procedure and, later, inflate several shares for trade in the secondary market.

It also represents the market's collusion and artificial manipulation. In this case, you should know that when it comes to talk about the SEC regulations, the punishment severity to collude the park shares basically relies upon the infraction severity, the shares traded numbers, taxable income's unregistered amount, and the conspiracy scale. There are a few tiny violations that incur more than a small fine. In 1989, bigger cases were prosecuted more severely where Paul Bilzerian, a corporate raider, was convicted on nine counts of tax fraud connected with this scheme. Therefore, he was prisoned for four years and fined $1.5 million.

The Bottom Line:

It is a digital wallet for all the Web3 requirements. Remember that it is easy to access a wealth of DeFi platforms from crypto to NFTs and beyond. You should know that OKX is a leading digital asset financial service provider. With the help of this, it is possible to access world-class security, as you continue trading & storing assets. Besides, it is possible to connect existing wallets and win up to $10,000 once you deposit over $50 via a crypto purchase or top-up within 30 days of registration. In this article, we have covered all the details regarding stock parking. If you still have any queries, do ask us via comments.