Skip to content ↓ | Skip to navigation ↓

Last year, attackers used an email scam to defraud an unidentified American corporation out of $100 million, report U.S. authorities.

According to Reuters, the American corporation was targeted by a business email compromise between August and September of 2015.

A business email compromise (BEC) is a type of payment fraud where an attacker compromises the email account of either a high-ranking executive, such as an organization’s CFO or or CEO, or a business’s vendor/supplier. The scammers then use this access to make fraudulent wire transfers to financial institutions located all over the world.

bec scam

Since October 2013, the FBI has received 17,642 reports from victims of this type of scam, amounting to more than US$2.3 billion in losses.

Last summer’s attack “appears to be the largest email scam that I’ve seen,” said Tom Brown, a former Manhattan federal prosecutor who now serves as managing director of Berkeley Research Group’s digital security practice.

In the attack, which occurred at around the same time the American technology company Ubiquiti Networks suffered $39.1 million in losses as a result of a BEC scam, the fraudsters did not gain unauthorized access to an existing account. They simply created an email address that looked like it belonged to one of the American corporation’s vendors in Asia.

While communicating with a professional services company that was hired to process vendor payments for the American corporation, the scammers directed the American firm to send US$98.9 million intended for the actual vendor to a bank account at Eurobank Cyprus Ltd.

Eurobank discovered the fraud and froze $74 million of the funds. The remaining monies were laundered through other accounts located in Cyprus, Hungary, Hong Kong, and elsewhere.

In response, the U.S. government has filed a civil forfeiture lawsuit in federal court. Authorities hope to use that lawsuit, not to mention the cooperation of foreign governments, to recover the remaining $25 million. Those monies are currently stored in 20 different accounts located around the world.