FBI: COVID-19-Themed Business Email Compromise Scams Surge

“Criminals have become more sophisticated by considering the psychological aspects of an attack,” says Mark Chaplin, principal at the Information Security Forum.

Fraudsters are taking advantage of the global COVID-19 pandemic to ramp-up business email compromise scams, the FBI and security researchers warned this week.

In an alert, the FBI says that fraudsters are sending BEC messages that use COVID-19 as an excuse to request a fraudulent switch or rescheduling of payments or a change to other business or government plans in order to pilfer funds.

“Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19,” according to the FBI.

In one case, FBI agents report that employees at an unnamed financial institution reported receiving an email from someone posing as the firm’s CEO and asking to switch a previously scheduled $1 million payment to a different date “due to the Coronavirus outbreak and quarantine processes and precautions.”

In another case, a fraudster posing as a client from China sent an email to a business requesting that all invoices be changed to a different bank account due to “Corona Virus audits,” according to the FBI. The victim sent several wire transfers to the new account before discovering the fraud.

“Criminals have become more sophisticated by considering the psychological aspects of an attack,” says Mark Chaplin, principal at the Information Security Forum. “They anticipate the range of anti-BEC protection likely to be in place and also exploit circumstances relating to individuals receiving the communication. This has resulted in the most skilled, qualified and security-aware employees falling for a well-crafted, targeted attack.”