summary
Recently, the risk of trade fraud due to email hacking during international money transfers has been increasing. Common tactics include cleverly altering the recipient's email address or modifying account information using stolen email credentials.
To prevent such incidents, it is important to designate the transfer account in advance and to verify any account change requests through direct confirmation via phone or video call. Additionally, adhering to international security standards and thoroughly managing email security is essential.
example
Singapore Trade Fraud: $42.3 Million Transferred via Email Hacking
According to an Interpol report on August 6, 2024, a trading company in Singapore mistakenly believed a fake email sent by fraudsters was from a legitimate supplier, resulting in a transfer of $42.3 million to a fraudulent account. The email closely resembled the actual email address but had a slightly altered version, deceiving the victim company.
Following the incident, Singaporean police utilized Interpol's Global Rapid Response for Money Transfers (I-GRIP) mechanism, collaborating with Timor-Leste authorities to freeze the funds and recover some of the money. This case underscores the importance of international cooperation and highlights the significant threat that email hacking fraud poses to global business.
Business email hacking (BEC) and CEO fraud are surging in Asia, leading to significant losses for companies. BEC scams involve hackers infiltrating a company's email system to intercept sensitive information or impersonating senior executives to instruct employees to make incorrect payments.
A notable incident involved a Greek company that transferred approximately $800,000 to a fraudulent account. In this case, the hacker impersonated the CEO, directing an employee to make the payment, which was then transferred to a scam account in Hong Kong. Such misdirected payments can result in severe financial losses for businesses.
This case underscores the importance of email security. To defend against these attacks, companies must strengthen their email security and implement additional verification procedures for payment requests. By thoroughly enforcing email security measures, organizations can protect themselves from fraud attacks like BEC.
Operation reWired is a large-scale investigation aimed at criminals involved in business email hacking (BEC) worldwide, conducted in cooperation with multiple law enforcement agencies, including the U.S. Department of Homeland Security (HSI), the Federal Bureau of Investigation (FBI), and the United States Postal Inspection Service (USPIS). Through this operation, a total of 281 individuals were arrested, including 167 in Nigeria, 18 in Turkey, and 15 in Ghana. Arrests also occurred in several other countries, including France, Italy, Japan, Kenya, Malaysia, and the United Kingdom.
Operation reWired highlights the widespread nature of BEC fraud, recovering approximately $37 million in assets, and leading to the arrest of numerous suspects and freezing of various accounts. BEC criminals typically impersonate corporate executives or use fake email addresses that closely resemble real ones to deceive victims.
The impact of BEC fraud extends beyond individual companies, significantly affecting the global economy. According to the Internet Crime Complaint Center (IC3), losses from BEC and its variant, email account compromise (EAC), amounted to approximately $1.3 billion in 2018, nearly doubling compared to the previous year.
conclusion
Cyber attacks such as Business Email Compromise (BEC)—which primarily involves hacking corporate and personal email accounts to intercept payment information or induce erroneous transactions—can cause severe damage to businesses. To prevent such attacks, it is crucial to implement various response strategies and comply with security standards.
As seen in recent news cases, common attack methods include email header tampering (7.2.1) and the use of similar domains (7.2.2). To address these threats, adhering to security requirements outlined in standards for countering header tampering attacks (8.2.1) and similar domain attacks (8.2.2) is effective in preventing these attacks.
To prevent such attacks, basic security measures should be implemented, such as direct verification of email account change requests through phone calls or video conferences, regular password changes, and the use of two-factor authentication. Additionally, it is important to implement a system that can identify subtle differences in email domains and activate spam filters to block suspicious emails.
By adhering to these measures and complying with international email security standards, organizations can significantly enhance their defenses against cyber attacks like BEC. Ultimately, by strictly following security requirements and strengthening routine security management, companies can minimize the damage caused by email hacking.
** For more detailed information on international mail standards, please refer to the link below.
https://mailinspectplatform.com/security-requirement-targeted-outbound-email-attacks/
Reference
<281 Arrested Worldwide in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes>
<The rising threat of Business Email Compromise (BEC) attacks and CEO Fraud in Asia>
<Police recover over USD 40 million from international email scam>
![[Phishing URL] With just one click, your life can be phished](https://blogger.googleusercontent.com/img/a/AVvXsEiMZfwpN_jo42_q0JI6Cvn3pdWmBwZQ7ZjMhbFZA_firmlw2y0833OjRiWTtsWuU28F2BuzwH7gNRqifA0hHapX2ezZajNfa_SFZ84DRXr7_hDnoOP576GiLIou0MroeTU6U7ztyeyP_PcfoSPWOKyaESBvDlvnplTmduTRuT8npx-q49NkRYAirrN5JuU=w72-h72-p-k-no-nu)
0 Comments