Business Email Compromise (BEC): A Growing Threat
Business Email Compromise (BEC) is a serious issue where hackers steal login details from supplier or vendor organizations to issue fake invoices or change bank detail requests. This scam has significantly impacted local companies.
Between 2013 and 2015, a Lithuanian hacker, Evaldas Rimasauskas, used this method to trick Facebook and Google into handing over $172 million. He sent fake invoices to employees of these tech giants, appearing to be from a major Taiwanese hardware maker, a business partner of both companies. These invoices and bank change requests came from legitimate email addresses and often included a prior email trail, lulling companies into a false sense of security.
Although Google and Facebook were able to recover their losses, with Rimasauskas now serving a five-year prison sentence, BEC remains a serious threat to the corporate sector. According to Australian secure payments data platform Eftsure, BEC attacks are becoming more sophisticated, with hackers targeting the supply chain to infiltrate corporate systems.
Eftsure's technology verifies supplier bank account details and other compliance information before a payment is made. Co-founder and CEO Mike Kontorovich noted that hackers are increasingly targeting partners of big companies. "What we are seeing is that a big company’s partner may get their system hacked, and then the cybercriminals send invoices and emails that are valid," he said.
Kontorovich added, "The banks leave the accountability to their customers, so at the corporate level where you are paying a lot of people, you wouldn’t pick up a fraudulent account immediately. Our financial controls aren’t quite there yet, even though digital payments are everywhere."
Eftsure has a joint business relationship with PwC Australia through the professional services firm’s Align program. "We look at technology from upcoming companies and introduce them to our larger clients," PwC partner Ross Thorpe said. "Eftsure is solving a big problem for a number of our clients. Using crowd-sourcing as part of the solution is a great idea."
Author: Supratim Adhikari, Technology Editor at The Australian
First published in The Australian on 11th February 2020
