The Gist:
NioCorp Developments, a US mineral development company, recently suffered a costly Business Email Compromise (BEC) attack. Cybercriminals infiltrated its information and email systems, redirecting an earmarked vendor payment of approximately $500K to a fraudulent account. According to the SEC 8-K filing, NioCorp discovered the social engineering attack and contacted authorities to recover the redirected payment. The total damage of this event is under investigation.
- Over $40 million was stolen from an unnamed Singaporean commodities firm last summer. The attackers tricked the firm into transferring the money to a fraudulent bank account via a scam email that appeared to be from one of their suppliers. The stolen funds were quickly seized and returned in just 2 days.
- An Australian financial holding company received a fraudulent invoice for $940,000 from a lookalike domain. The attackers leveraged previous emails from the vendor to mimic communications, making the malicious email blend in with legitimate ones.
- A Connecticut business was scammed out of $5.4 million when they received an email from a fraudulent email address that nearly matched the email address of their general contractor. Thankfully, the money was traced and nine different bank accounts were seized by the government.
The Latest:
NioCorp is just one of the latest victims of BEC attacks. According to FBI statistics, BEC attacks have become one of the most frequent, effective, and costly attack methods, accounting for $55 billion in losses from 2013 to 2023, with $2.9 billion occurring in 2023. This number is poised to increase with the introduction of Gen AI and Agentic AI, which enable fraudsters to execute more sophisticated, frequent, and effective attacks than ever before, all while lowering the barrier to entry for less-skilled malicious actors.
Trustmi’s Take:
As security solutions evolve, so do the tactics of fraudsters. The increasing use of AI and sophisticated social engineering techniques by cybercriminals poses a growing threat to organizations. To combat these evolving threats, Trustmi recommends:
- Complementing your email security toolset with behavioral AI security solutions
- Connecting these solutions with your existing ERP systems
- Ensuring end-to-end visibility over the entire payment process
- Implementing systems capable of detecting anomalies across the organization
These measures are crucial for protecting businesses against the pervasive and increasingly sophisticated BEC attacks.
Want to learn more about BEC attacks, how they happen, and how to defend against them? Check out this blog post.