Introducing DAIC: A Suggested System for Preventing BEC Fraud

BEC (Business E-mail Compromise) fraud has reached epidemic levels in recent years. In 2019, the FBI’s Internet Crime Complaint Center (IC3) reported that it received complaints with adjusted losses of over $1.7 billion from this type of scam. The cases reported to the IC3 are just a drop in the bucket compared to the overall number of incidents online. Considering nothing dramatic has changed in the cybercriminal world, it can be assumed that in 2020 and 2021, the numbers are the same, if not worse.

The scam has a few variants, differing in how it is executed and in its technical sophistication. The majority of the cases involve invoice scams, in which the fraudster masquerades as a vendor, sending the victim’s CFO or accounts payable team a request for payment with updated bank account information. In terms of sophistication, the scam ranges from the use of an actual compromised E-mail account of the vendor, through the use of a similar domain that impersonates the vendor’s, to a simple well-crafted E-mail message. In all variants, the attacker hopes for the victim to fall for the bait and issue a wire transfer.

In this column I am suggesting a free and open source solution for BEC fraud.

Continue Reading on SecurityWeek


IntelFinder is the most cost-effective threat intelligence solution on the market, offering customer-specific and actionable threat intelligence at a fraction of the cost. We cover a wide variety of threats, such as similar domain registration, rogue apps, leaked employee credentials, leaked source code, leaked documents, exposed subdomains and more – all for only $250/month per brand.

IntelFinder is offered with a one month free trial – no strings attached and no credit card information required! 
