SecureWorld News

How the Secret Service Thwarted a $21 Million BEC Attack

Written by SecureWorld News Team | Thu | Sep 2, 2021 | 8:51 PM Z

The worst situation imaginable just happened.

Someone in your organization hit send on a wire transfer for $21 million—and afterward, they discovered they sent the payment to an account controlled by cybercriminals.

They fell for a fake email as part of a Business Email Compromise (BEC) attack. Stress is running high and you are wondering what kind of repercussions there will be if the money is lost.

Could there be firings or organizational reshuffling? Could it force the organization to close down? Just thinking about this type of scenario is sweat-inducing.

And it just happened in real life. 

BEC cyberattack worth $21 million

The U.S. Secret Service Global Investigative Center (GIOC) just had a major win against cybercriminals attempting to drain funds through a BEC attack.

On August 23, the GIOC managed to intervene in a Business Email Compromise attempt in the amount of $21 million. Though the company was not named, we know the attempted attack involved a real estate-related transaction.

The organization involved transferred $21 million, but the Secret Service got involved quickly enough to recover the entire amount.

While ransomware has bled into mainstream conversations, GIOC wants to bring awareness to the "sharp rise in BEC incidents." The real estate vertical has seen the largest impact, but there have been successful BEC incidents across all types of industries.

BEC attacks are also hitting your end-users when they go to buy a home. 

The Secret Service explains how this is happening:

"Home buyer payments are being intercepted through stolen confidential and contemporaneous information, then fraudsters are using a spoofed domain to send fraudulent wiring instructions to the home buyer. BEC schemes targeting home buyer payments affect individual home buyers, often first-time home buyers, and attempt to defraud the buyers out of a significant portion of life savings and personal wealth.

Mortgage and loan payoff payments are being intercepted through fraudulent wire instructions inserted into the transaction process, and changes in payment information may not be confirmed or scrutinized by the parties involved."

However, there are ways for individuals and organizations to mitigate the risk of BEC attacks.

9 ways to avoid BEC incidents 

Since BEC attacks can happen so swiftly, it is imperative to act quickly (rapid-fire quick) when you suspect a financial transaction could be compromised. If you notice suspicious activity, it could be a good idea to notify the Secret Service. Why? The agency has close ties to financial services, which helps in getting an organization's money back.

The U.S. Secret Service also provided some helpful ways to limit the risks of BEC schemes:

• Update procedures to ensure proper verification of information before releasing funds
• Independently obtain mortgage payoff statements and confirm with verified and trusted sources
• Independently verify the authenticity of information included in correspondence and statements
• Enable Multi-Factor Authentication (MFA) on all email accounts
• Routinely change passwords
• Routinely monitor email account access, check for unauthorized email rules and forwarding settings
• Restrict wire transfers to known and previously verified accounts
• Pay using checks when the information cannot be independently verified
• Have a clear and detailed Incident Response Plan
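
One way to act on the "check for unauthorized email rules and forwarding settings" item is to review an export of mailbox rules for forwarding to outside addresses and for rules that hide mail from the mailbox owner. The sketch below is an added example, not code from SecureWorld or the Secret Service; the rule fields, folder names, and domains are hypothetical, and the sample data is constructed.

```python
# Added example: flag mailbox rules that forward mail outside the organization or
# hide it from the owner. Hypothetical rule schema, not any provider's export format.

ORG_DOMAINS = {"example-title.test"}  # assumption: domains the organization owns
# Assumed folder names where moved mail is unlikely to be noticed.
HIDING_FOLDERS = {"rss feeds", "archive", "deleted items", "junk email"}

SAMPLE_RULES = [  # constructed sample export
    {"mailbox": "closing@example-title.test", "name": "Newsletters",
     "forward_to": [], "move_to": "Newsletters", "mark_read": False, "delete": False},
    {"mailbox": "ap@example-title.test", "name": ".",
     "forward_to": ["copy@mail-relay.test"], "move_to": "RSS Feeds",
     "mark_read": True, "delete": False},
    {"mailbox": "ap@example-title.test", "name": "Cleanup",
     "forward_to": ["ops@example-title.test"], "move_to": None,
     "mark_read": False, "delete": True},
]

def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule, org_domains=ORG_DOMAINS):
    """Return the reasons a rule needs manual review (empty list if none)."""
    findings = []
    # Exact-match allow-list: subdomains must be listed explicitly.
    external = sorted(a for a in rule.get("forward_to") or []
                      if domain_of(a) not in org_domains)
    if external:
        findings.append("forwards to external address: " + ", ".join(external))
    moved_away = (rule.get("move_to") or "").lower() in HIDING_FOLDERS
    if rule.get("mark_read") and (moved_away or rule.get("delete")):
        findings.append("silently hides matching mail (marked read and moved or deleted)")
    elif rule.get("delete"):
        findings.append("deletes matching mail")
    return findings

def audit(rules, org_domains=ORG_DOMAINS):
    """Map (mailbox, rule name) to findings, for rules with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, org_domains)
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report

if __name__ == "__main__":
    for (mailbox, name), findings in audit(SAMPLE_RULES).items():
        print(mailbox, repr(name), "; ".join(findings))
```

A flagged rule is a prompt for manual review with the mailbox owner, not proof of compromise.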

The U.S. Secret Service investigates all kinds of cybercrime, including ransomware.

SecureWorld has an upcoming Great Lakes virtual conference featuring Jeremy Sheridan, Assistant Director for Office of Investigations, U.S. Secret Service, as a keynote speaker. He will be discussing ransomware as an evolution of cybercrime. Register and attend this event on Sept. 23rd.

[RELATED: In recent weeks, the town of Peterborough, New Hampshire, made headlines when its finance department sent 15% of the annual budget—taxpayer money—to cybercriminals in a possible BEC attack.]