The action is not sophisticated: the financial officer of a company receives an email in which its executive director or CEO asks him to transfer a sum of money to a business partner.
There is nothing strange in the message. Nothing blows the alarms. He is your boss giving you an order. And as this enters the work plan of the person who deals with finances, there would be nothing to verify.
However, hours or days later, when the other party in the business claims that the transfer has not arrived, in the office they realize that there was an error, and that the situation is serious.
The money has been sent to a plot of bank accounts that diversify even outside the country, so it is very difficult to warn banks to stop the operation. Sometimes a part of the funds is recovered, but on other occasions the cybercriminals have already vanished with what is not theirs after having imitated the CEO’s mail and cheated on an employee.
This is known as Business Email Compromise (BEC), which in Spanish we know as Corporate Email Committed, one of the modalities of cyberattack to the cash counter of companies.
A worldwide scam with many zeros
“According to figures provided by the FBI, this hacking has generated worldwide losses of at least $ 26 billion since 2016. And all through a relatively unsophisticated attack, according to a BBC report, which depends more on social engineering and deception than on traditional hacking. According to figures provided by the FBI, this hacking has generated worldwide losses of at least $ 26 billion since 2016. And all through a relatively unsophisticated attack, according to a BBC report, which depends more on social engineering and deception than on traditional hacking.
The conclusion provided by cyber security experts is that emails cannot be trusted, when it comes to sensitive issues, linked to finance, no matter how powerful a company is.
According to the note, at the beginning of September 28 it alleged hackers were arrested in 10 different countries as part of a massive operation against global cyber criminal networks linked to these types of scams.