Agari: US Now Second to Nigeria for Business Email Compromise Fraudsters
This map shows locations of BEC criminal gangs in the U.S. (Source: Agari)
Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal organizations waging the campaigns, according to a study by security firm Agari.
Agari, which examined approximately 9,000 suspected BEC schemes between May 2019 and July, found these criminal gangs are now operating in 50 countries, including newer locations such as Eastern Europe and Russia (see: Russian BEC Gang Targets Hundreds of Multinational Companies).
The report notes about half the world’s BEC criminal gangs operate from Nigeria. Criminal groups waging BEC campaigns, including one called SilverTerrier, are now using increasingly sophisticated malware, such as Trojans and information stealers, to assist in their activities (see: Nigerian BEC Scammers Increase Proficiency: Report).
Agari determined that about 25% of BEC groups now work in the U.S., especially in these five states: California, Georgia, Florida, Texas and New York.
“In recent years, pressure from law enforcement has spurred an exodus of some BEC actors out of Nigeria to other countries,” the Agari report states. “Additionally, cybercriminals around the world have recognized the significant ROI in BEC attacks and have started vying for a piece of the action.”
BEC gangs are now operating in 50 countries. (Source: Agari)
In a report released earlier this month, the European Cybercrime Center, which is part of the EU’s law enforcement intelligence agency, Europol, noted that business email compromises ranked as one of the top 12 major cybercrimes investigators are tracking (see: Cybercrime: 12 Top Tactics and Trends).
Role of Money Mules
The Agari report says money mules usually receive and launder the proceeds of BEC schemes.
Since May 2019, Agari has identified 2,900 mule accounts in 39 countries. Through these accounts, scammers have siphoned $64 million in stolen funds from BEC victims, according to the report.
Of those accounts, 900 were identified as belonging to mules working in the U.S. for various criminal gangs, sometimes without being fully aware of the circumstances, the report notes.
“Many of these mules are likely to be unwitting victims of other social engineering attacks, such as romance scams and work-from-home cons. And a significant number of BEC mules were clustered around a small number of cities, indicating these areas may be hubs of BEC activity in the U.S.,” the Agari report notes.
Earlier this month, the U.S. Justice Department indicted four individuals for working as money mules as part of two BEC scams. The suspects in these cases used fake documents to open fraudulent bank accounts to siphon the proceeds of the scams, prosecutors say.
While money mules are proliferating in the U.S., the amount they are paid pales in comparison to payments to their counterparts in other countries, according to the report.
“For example, the average amount of payments to U.S.-based mule accounts was $39,500, while payments directed to mule accounts based in Hong Kong were $257,300 – more than six times their stateside counterparts,” the report states.
Proliferation of BEC Scams
In February, the FBI Internet Crime Complaint Center reported the bureau received 24,000 complaints about BEC scams in 2019. These scams caused losses totaling $1.7 billion, with an average loss of about $72,000 per victim (see: FBI: BEC Losses Totaled $1.7 Billion in 2019).
In September, the Anti-Phishing Working Group published a study that found the average amount stolen in a BEC scam increased 48% during the second quarter of 2020, even though the number of attack incidents decreased (see: BEC Scam Losses Surge as the Number of Attacks Diminish).
Other reports show that some BEC fraudsters continue to grow in sophistication, with criminal gangs targeting the Microsoft Office 365 accounts of senior-level executives to gain additional insights into an organization’s day-to-day operations and monitor email traffic to look for the right moment to spring the scam (see: Millions Stolen in BEC Scam Campaign).