Business email compromise (BEC) phishing scams[1] are one of the most common forms of cybercrime – and new fraud gangs are appearing across the globe to trick firms into handing over money, according to an investigation by cybersecurity researchers.
A number of these scams have in the past been operated out of Nigeria[2], which is where about half of BEC scams still originate, according to an analysis by researchers at security company Agari[3]. But a quarter of BEC phishing scams operate from within the US.
In total, Agari identified BEC attacks originating from 50 countries around the world and identified South Africa and the UK as high-ranking regions of BEC activity. The UK, for example, is home to a prolific BEC outfit known as London Blue[4].
SEE: A winning strategy for cybersecurity[5] (ZDNet special report) | Download the report as a PDF[6] (TechRepublic)
The research also identifies Eastern Europe and Russia as a region with a growing number of BEC scammers. Traditionally home to trojan malware[7] and ransomware[8] groups, the emergence of BEC groups in the region[9] suggests the cyber-threat landscape could be changing as corporate phishing scams become more lucrative.
"While we knew there were some BEC actors operating out of the US, the fact they comprised a quarter of all global BEC actors was a surprise," Crane Hassold, senior director of threat research at Agari, told ZDNet.
Nearly half the BEC scammers in the US are based in five states: California, Georgia, Florida, Texas, and New York, although evidence of people operating BEC attacks has been detected in 45 states in total.
The goal of a BEC attack is to trick an employee of an organisation into transferring a large sum