PYMNTS-MonitorEdge-May-2024

US DOJ Continues Its Business Email Compromise Battle

Department of Justice

The Business Email Compromise continues its dramatic attack on businesses’ B2B payment workflows in this week’s B2B Data Digest. With the U.S. Justice Department reporting on several business email compromise (BEC)-related cases, companies have also faced internal threats as employees manipulate accounts payable (AP) processes to defraud their employers.

2 months have passed since a cyberattack disrupted payroll at the District Health Board (DHB) of the Waikato region of New Zealand, according to NZ Herald reports. The cyberattack resulted in staff at the DHB not receiving correct payment, as the DHB’s payroll system is no longer able to calculate how many hours professionals have worked. Reports noted that because healthcare is often shift-based work, compensation often changes from one payroll cycle to the next; the DHB has resorted to paying employees whatever their payment was before the cyberattack occurred.

20 years is the maximum sentence for a Massachusetts man recently arrested for their alleged role in a BEC scam, a press release from the U.S. Department of Justice said. The individual has been arrested and indicted on two counts of wire fraud as well as other charges, with the indictment accusing the person of opening bank accounts in Massachusetts as part of a BEC scam. The attach reportedly aimed to redirect wire-based B2B payments from legitimate suppliers’ accounts to the personal accounts of the alleged conspirators.

71 percent of organizations have been targeted by a BEC scam, new data from cybersecurity firm GreatHorn revealed. The company released the results of an industry survey, its 2021 Business Email Security Landscape Report, concluding that remote work has raised the risk of such attacks on businesses. BEC attacks were found to be the most prolific email-based scam experienced by companies surveyed. “Cybercriminals want the keys to the castle, which they achieve by stealing credentials,” Kevin O’Brien, CEO of GreatHorn, said. “To do so they often target C-suite and finance employees as they have the most privileged information available to access.” According to the survey, 30 percent of firms reported that more than half of the links their businesses receive via email lead to a malicious site.

$377,000 was allegedly stolen from a Texas business via payroll, accounts payable and accounts receivable fraud, local reports said. A former employee of a manufacturing firm has been charged with the theft, which reportedly involved forging signatures on paper checks in accounts payable designed to suggest the check payments were for legitimate suppliers. Those checks were instead deposited into the individual’s personal account, reports said, noting that the individual is alleged to have forged signatures on 125 checks and forged 90 checks for personal expenses.

$2 million was stolen from six firms in a BEC scheme, according to a Department of Justice press release. The DOJ noted that a federal jury has convicted on individual for their involvement in the scam that targeted businesses across the U.S. and involved luring those businesses into making what they believed were legitimate supplier payments into scammers’ bank accounts. The DOJ said trial evidence revealed individuals falsified documents to open bank accounts to receive and launder funds stolen by the BEC scam.

PYMNTS-MonitorEdge-May-2024