FinCEN BEC attacks report: Analysis by blackhta Pakistan 2023
In this article we will learn about FinCEN BEC attacks.
Introduction to FinCEN BEC attacks:
The Financial Crimes Enforcement Network (FinCEN) is a US government agency responsible for collecting and analyzing financial information to fight financial crime. In 2016, FinCEN issued an advisory to financial institutions regarding business email compromise (BEC) fraud. On July 16, 2019, FinCEN updated the 2016 guidance.
In this article, we will explore five main points of the updated guidance, namely (i) changes to the operational definitions of email compromise scams, (ii) inclusion of references to additional BEC victims, (iii) providing new information on BEC trends, ( iv) embedding a description of business processes that are susceptible to BEC fraud and (v) exploring in detail opportunities for sharing information related to BEC fraud. These five points are discussed in more detail below.
Changes in operational definitions
In the updated guidance, FinCEN expanded the definitions of email compromise fraud to include the different entities that can fall victim to the fraud and the different payment methods that can be used to transfer funds to fraudsters. For example, the amended definitions apply not only to wire transfers, but also to cryptocurrency payments, the use of automated clearinghouse transfers, and gift card transfers.
Also read:Gapz: Advanced VBR Infection 2023 by Blackhat Pakistan
The amended definitions may be incorporated by financial institutions into their anti-money laundering/countering the financing of terrorism (AML/CFT) frameworks.
Including links to other BEC victims
The updated guidance states that in addition to companies, governments, educational institutions and financial institutions can also be victims of BEC.
BEC attacks on governments (both domestic and foreign) mostly target email accounts used to operate payroll bank accounts and pension funds. Such attacks mainly rely on sending emails that look similar to emails from trusted government institutions. The emails try to entice the recipient to initiate a payment transaction.
Although only 2% of all BEC incidents in 2017 targeted educational institutions, these institutions are subject to the majority of high-value BEC attacks. This is because they regularly send and receive large sums of money, such as tuition fees, grants and subsidies. BEC attacks on educational institutions typically involve sending emails purporting to be from service providers working with the targeted educational institutions.
BEC attacks on financial institutions in most cases involve sending emails that appear to be sent by employees of other financial institutions. For example, the purported sender of an email may be the Society for Worldwide Interbank Financial Telecommunications (SWIFT). SWIFT operates a network that enables financial institutions around the world to exchange financial information.
Providing new information on BEC trends
FinCEN also revealed information on the latest trends and developments in BEC attacks. The report states that BEC attacks occur most frequently in the manufacturing and construction (25% of reported cases), commercial services (18% of reported cases) and real estate (16% of reported cases) sectors.
Most BEC attacks involve initial moves into the United States. Such transfers likely benefit US “money mule” networks. The term “money mule” refers to a person who transfers illegal funds on behalf of others. Mules are commonly recruited through advertisements for “Money Transfer Clerks” and “Payment Processing Agents”. Using money mules, criminals can distance themselves from fraudulent transactions. In most cases, the mule is paid a percentage of the transferred funds.
Proceeds from BEC attacks typically end up in Turkey, Hong Kong, China, the United Kingdom, and Mexico.
Discussing business processes that are vulnerable to BEC fraud
The report says BEC attacks rely on weaknesses in business processes in agriculture, education and real estate. For example, vulnerabilities related to real estate processes include (i) the availability of detailed public information about real estate transactions, (ii) parties in real estate transactions sometimes communicate via email, and (iii) communications related to real estate transactions often lack strengths. authentication processes.
Opportunities to share information related to BEC fraud
FinCEN also reminded financial institutions that under the USA PATRIOT Act, they may share information related to BEC fraud to help other potential victims identify and report money laundering or terrorist activity. Information shared may include, for example, information about recipients and offenders. By sharing such information, financial institutions will alert potential victims of BEC fraud to the fraudulent nature of communications emanating from certain legitimate entities.
Considering that fraudulent supplier invoices are the most commonly used BEC methodology, these warnings can be particularly useful in preventing BEC fraud. Information sharing will become even more important in the future as the number of BEC attacks based on fraudulent supplier invoices continues to increase. In 2017, 30% of all BEC incidents involved fraudulent supplier invoices. In 2018, it was 39%.
Conclusion
In its updated guidance, FinCEN provides additional guidance on how to identify and address BEC attacks. By doing so, FinCEN hopes to reduce the growing number of successful BEC attacks.
According to the Federal Bureau of Investigation (FBI), BEC attacks resulted in losses of more than $12 billion worldwide between October 2013 and May 2018. Such losses have a significant impact on affected individuals, companies, and governments. . To mitigate the negative impact, FinCEN created the FinCEN Rapid Response Program in 2014. He managed to recover more than 500 million USD. The program allows FinCEN to quickly share information with financial intelligence agencies in more than 164 jurisdictions.
Sources
- Manufacturing and Construction Top Targets for Business Email Compromise, FinCEN
- Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes, FinCEN Advisory
- FinCEN Unveils New Efforts to Combat Widespread Business Email Compromise Fraud Scams As Losses Reach $300 Million Per Month, Fox Rothschild LLP
- This is how much email scammers are now costing businesses every month, ZDNet
