Hold onto your keyboards, folks! The FBI has released a staggering report that criminals, through CEO fraud (also known as Business Email Compromise or BEC), have swindled a whopping $50 billion over the past nine years. It seems the real estate sector has been a prime target for these cyber crooks.
BEC is a crafty trick where cybercriminals gain access to email accounts. How? They employ sneaky tactics like phishing, weak passwords, or reused passwords. Then, they use these hijacked accounts to fire off malicious emails. It doesn’t stop there; they even spoof email addresses and resort to ‘typosquatting’. This is where they register domains that closely resemble those of a legitimate organization, further enhancing their deceit.
The crooks cleverly pose as suppliers, requesting customers to redirect their payments to different bank accounts. Or, they might urge the financial department of a victim organization to settle certain invoices, with money transferred to accounts specified by the attackers. Over the past few years, real estate attorneys, brokers, construction companies, and credit providers have increasingly found themselves in the crosshairs.
Once inside the account, the attackers monitor for upcoming real estate transactions, down payments, or transfers. The attacker then intercepts communication between the compromised victim and a third party, impersonating the victim. These unsuspecting third parties receive messages instructing them to transfer the payment to a different bank account.
From October 2013 to December 2022, the FBI recorded nearly 278,000 BEC incidents, with criminals making off with $50.8 billion. Currently, Business Email Compromise has been observed in 177 countries, with fraudulent transactions sent to accounts in over 140 countries. According to the FBI, banks in China and Hong Kong are the primary destinations for these illicit BEC transactions.