ICC BEC Scam: Around $2.5 million vanished from the ICC Account
The Indian Cricket Council fell prey to a massive BEC scam last year in the USA, losing around $2.5 million to wire fraud. FBI investigations soon started, and they confirmed that business email compromise was the method involved. In fact, FBI has termed the ICC BEC scam the most financially damaging cybercrime.
The BEC scam is being analyzed but ICC hasn’t been very vocal about it. However, it has involved the necessary law-enforcement agencies who are actively looking into the matter.
How exactly ICC lost this huge amount of money to BEC is still a mystery. One of the possibilities is that the hackers could have scammed ICC employees at Dubai head office or ICC’s partner vendors or external consultants. It’s also not clear whether the hackers siphoned off the money in a single go or through phased wired transfers.
For more helpful information, read our blog about Modern email scams.
A brief on BEC
Business email compromise is an email scam where the victim is convinced to make monetary transfers. Hackers are able to convince their victims to do so because they’ve spied on previous email trails between the victim and their reporting heads/peers/subordinates and know just when to step in using a spoofed email address to send their fatal duped email. The victim, thinking the request has come from a valid source, complies without hesitation.
In a report prepared by the FBI in collaboration with its Internet Crime Control Centre, the Bureau said, “BEC scams usually involve spoofing of a legitimate, known e-mail address or the use of a nearly identical address to appear as someone known to or trusted by the victim. BEC scams are initiated when a victim receives false wire instructions from a criminal attempting to redirect legitimate payments to a bank account controlled by fraudsters.”
The report further elaborated: “The scam has progressed from spoofed e-mails purportedly from chief executive officers requesting wire payments to fraudulent locations, to impersonation of vendor e-mails; spoofed lawyer e-mail accounts; diversion of payroll funds; the targeting of the real estate sector; and fraudulent requests for large amounts of gift cards.”
With BEC scams becoming more sophisticated, it has become difficult for aware and diligent employees to spot them manually. Hence, it has become imperative for businesses to opt for cutting-edge automated email security solutions that can detect, prevent, and report on possible BEC and other email-borne threats.
