News and Reports
FBI’s 2019 Internet Crime Report
Some important takeaways include:
- FBI’s IC3 received 23,775 complaints in 2019 regarding BEC, recording more than $1.7 billion in losses to individual and business victims.
- Most common attacks:
  - Non-payment/non-delivery scams
- Some of the targeted sectors:
  - Real estate
  - Personal accounts
- Attack types commonly seen:
  - Payroll funds
  - Vendor fraud
  - Gift cards/Executive spoofing
  - Requests for W-2s
Taken directly from the report, the guidance for anyone experiencing a BEC is as follows:
- Contact the originating financial institution as soon as fraud is recognized to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity.
- File a detailed complaint with http://www.ic3.gov. It is vital the complaint contain all required data in provided fields, including banking information.
Proactively, it is suggested to:
- Visit http://www.ic3.gov for updated PSAs regarding BEC trends as well as other fraud schemes targeting specific populations (real estate, pre-paid cards, W-2, etc.).
- Never make any payment changes without verifying with the intended recipient; verify email addresses are accurate when checking mail on a cell phone or other mobile device.
Also, this incredibly eye-opening graphic of the last 5 years (all internet crime included):
Agari’s Email Fraud & Identity Deception Trends Report
“Consistent with recent trends, it finds that the success of today’s most pernicious email scams is growing less dependent on technical prowess, and more on social engineering techniques that leverage human emotions like anxiety or curiosity.”
- 62% of BEC scams last quarter involved gift cards, the most common being:
  - Google Play store
  - Best Buy
- Threat groups in Eastern Europe may become a larger issue in the upcoming months as attacks from Czech-based webmail platforms have been on the rise.
New this week are the following resources and recommendations.
Microsoft Office 365:
- Henri Hambartsumyan of Medium posted on hardening a vanilla Office 365 tenant.
- New Microsoft support article on configuring Exchange Online Protection (EOP) and Advanced Threat Protection (ATP).
- KnowBe4 posted about the FBI’s report in their Phishing Blog (great historical information).
- AARP provides advice on preventing romance scams.
- The FBI produced “Avoid Becoming a Victim to Romance Scams.”
Thanks for looking over my first week’s post! I began this on the later side of the week but want to have each of these published on Friday. If you have anything that you think would make a great addition to this week, please email me at the address provided.