Cabarrus County in North Carolina is the latest victim of a major Business Email Compromise attack. The scammers impersonated a building contractor that was constructing a new high school in the County and succeeded in redirecting a $2.5 million payment to their account.

One of the contractor’s email accounts was compromised and an email was sent to a contact at the County requesting a change to the usual bank account.

Any request for such a change naturally needed to pass checks, but since the scammers had sent through all the appropriate documentation, the banking information was changed. The scammers then waited until the next regular payment was made. That payment was for $2,504,601.

The missing payment was queried by the contractor, Branch and Associates, and an investigation uncovered the scam. The relevant banks were informed to freeze the accounts to prevent the money from being withdrawn, but despite the quick response, the banks were only able to recover $776,518.40. The scammers had managed to divert $1,728,082.60 to a variety of accounts and had pocketed the funds.

The County was protected by an insurance policy, but it only provided $75,000 of coverage. $1,653,082.60 of the funds had to be covered by the County, in addition to the costs of investigating the attack, implementing additional security measures, and the cost increase of its insurance premiums after making such a large claim.

In this case the transfer was substantially larger than the average fraudulent BEC wire transfer, but transfers of this magnitude are far from unusual. Figures released by the U.S. Financial Crimes Enforcement Network (FinCEN) show there has been a 172% increase in losses to BEC attacks since 2016. Attacks are also increasing in frequency. In 2018, 1,100 BEC attacks were reported by businesses and $310 million per month was lost to BEC attacks.

FinCEN’s report shows businesses in the manufacturing and construction industries are the most commonly targeted and face the greatest risk of attack, although all businesses need to be aware of the threat and should take steps to reduce risk.

Defending against BEC attacks requires a variety of technical and administrative safeguards. There is no single solution that can be implemented which will detect and block all BEC attacks.

BEC scams usually start with a phishing email, so steps should be taken to improve email security. Advanced email security solutions such as SpamTitan can identify and block these BEC threats. SpamTitan also provides protection against the second stage of the attack. In addition to scanning all incoming emails, SpamTitan also scans outbound email for potential threats coming from within the organization.

Not all threats can be blocked, even with highly advanced email security defenses, so it is essential for the workforce to be trained how to identify potential email threats. Policies and procedures should also be developed covering amendments to banking credentials and email requests for bank transfers over a certain size.

Companies that fail to take action to reduce risk could well find their losses included in next year’s FinCEN BEC financial losses report.

If you have not implemented an anti-spam solution, if you are unhappy with your current provider, or if you use Office 365 for email, contact the TitanHQ team today to find out more about improving your security posture and increasing your defenses against BEC attacks.