BEC Fraud – How Criminals looted Millions

Email address is an integral part of today’s business communications. But do you know your email address could be used to conduct a multi-million dollar wire transfer fraud?

BEC Fraud

Now you might be thinking how’s that possible? See how.

You contact your banker through email, right? Criminals take advantage of this online communication and conduct a chain of frauds starting from a Business Email Compromise (BEC) fraud and end at wire transfer fraud of millions of dollars. 

As per the FBI’s Internet Crime Report (ICR) of 2018, BEC fraud losses rose by 90.3% in 2018 and fraud complaints rose by 14.3%. Norton predicted that cybercriminals will steal an estimated 33 billion records in 2023. 

How a BEC fraud is Conducted?

Criminals are devising advanced methods to defraud businesses around the world. Wire transfer fraud is one of the most damaging ways to accumulate illegal monetary gains. Online identity verification is a feasible solution to prevent wire transfer fraud as its a cybercrime conducted hiding behind a stolen identity. 

In case a criminal does not have access to the original email ID he makes one similar to the real email address of the client. For example, he would use an ID, [email protected] instead of [email protected].

Since he poses as a regular client, he would start a casual conversation and later request an urgent transfer of funds. Also, he will give bank account details for money transfer. 

A bank employee or company’s accounts department employee would not suspect it and will make an urgent payment to prevent any penalties due to late payment. In this way, criminals defraud businesses and banks, this fraud is called BEC (Business Email Compromise) fraud in the FBI’s regulations. 

Common Victims of BEC or Wire Transfer Fraud 

Wire transfer fraud is broadly targeted towards all types of businesses. The most common victims are banks, real estate sector, and B2B service providers. Criminals target them from various angles. 


Banks are the most common victims. Many banks are using KYC and AML compliance solutions to onboard customers or for online funds transfer but ignore these rigid protocols when making a wire transfer. Wire transfer is considered more secure by businesses and banks when making large transactions due to its special security protocols. 

Fooling a bank’s employee is becoming easier because banks receive legitimate wire transfer requests daily. Also, once the relationship is built with a client, his service requests are completed ASAP to retain healthy relationships with them. 

Once the real account holder finds out about funds transfer he demands a refund from bank. As a result, the bank loses its credibility and bears the financial loss. 

Real Estate

Using fake identity or stolen credentials of a seller, law firm or the title firm criminals get their hands on sales proceeds of a legitimate business deal. First, they gather information regarding an ongoing real estate deal and contacts the buyer as the seller or his legal attorney. Once they achieve the trust of the buyer, they will demand an urgent payment and request a wire transfer. 

Once the seller finds out about fraud, he backs off from the deal, although fraud was successful due to the imprudent behavior of both parties in that deal. The seller business did not secure its identity credentials (email, etc.) properly and the buyer did not practice due diligence on payment requests. 

Often fraudsters send invoices using the header of the original seller to portray the whole scenario as a transparent transfer. 

3 Shocking BEC Fraud Cases Involving Wire Transfer

50 years old Evaldas Rimasauskas tricked Google and Facebook to wire more than $100 million to his bank accounts.

A 50 years old Lithuanian citizen, arrested on March 2017, was sentenced to 30 years in prison. He played a vital role in a scheme that fooled the employees of Facebook and google to transfer more than $100 million to his several bank accounts. 

The man registered a firm in Latvia with a name similar to “Quanta computer” with which Facebook and Google both worked in the past. Taking advantage of this relationship, he sent phishing emails to employees of Google and Facebook. This scheme also involved fake invoices and contracts that increased the chances of frictionless processing of fraud. 

He tricked the employees of both companies into wiring money to his bank accounts in Latvia and Cyprus. Later, funds were transferred to banks in Hong Kong, Cyprus, Slovakia, Hungary, Latvia, and Lithuania. 

Identity proofing is a valuable tool that can be utilized by businesses to screen consumers before proceeding with any kind of a transaction with them. 

Scott County Schools lost $ 3.7 million to BEC fraud

Scott County Schools have been the victim of a major BEC fraud. The school received phishing emails from a scammer who was imitating as one of their vendors. Emails included forged documents and details of a bank account that was controlled by the scammer. 

Later when they received an email from their original vendor about pending payments, it started an investigation about the fund transfer. The investigations revealed that payments were made to a scammer instead of the original vendor. Scott County Schools lost 3.7 million dollars due to this scam. 

A Church lost $1.75 million in a BEC fraud

Fraudsters target all types of institutions, businesses, and organizations. A church was defrauded in a BEC fraud. St. Ambrose Catholic Parish in Brunswick, Ohio, lost $1.75 million to a BEC fraud. A scammer contacted the church as their contractor for renovation and demanded payment for renovation work. 

This scam was revealed when the Church received a payment reminder from their original contractor. This BEC fraud was also the same as the one that happened with Scott County Schools. 

Practices to Eliminate Wire Transfer Fraud

Run complete identity proofing before making any transactions

Screen clients through online identity verification before validating any transactions. Although banks often run identity proofing on individuals before validating their fund transfer requests, businesses should also introduce real-time identity proofing solutions into their systems. Because you never know if your client’s or vendor’s email has been compromised. 

Ask your clients and vendors to go through complete identity proofing before validating their fund transfer request. The risk of catering to a fraudster or an imposter will be eliminated at the very first stage. Another solution is to contact your client through means other than email and take their legal consent before transferring huge sums. 

Banks and businesses both are common victims of these frauds and identity verification of email fund transfer requests is a feasible solution. 

Especially the banks should not ignore it due to security protocols(such as data encryption) involved in a typical fund transfer process. Wire transfer might be difficult to decode for fraudsters but sending fake emails is not difficult these days. 

Employee training and accountability

A PWC survey of 2018 stated that 52% of frauds were perpetrated by people inside organizations. Often an employee facilitates a fraud knowingly or unknowingly. Employees must be trained to identify phishing emails, it improves their performance and reduces the risk of falling prey to BEC fraud. 

A Canadian bank was used in a BEC fraud attempt. A scammer sent a scam email as a staffer’s manager and demanded payment for services that he never delivered. He requested the employee to send $20,000 to an account in a Canadian bank. As the email ID was suspicious, and the request was missing the official chain of command and finance protocols, the employee found it suspicious and reported the company about it. 

Companies overlook training their employees regarding the latest fraud trends. BEC and wire transfer fraud can be eliminated easily if employees are trained about new technologies introduced within an organization or industrial changes and fraud trends. In case an employee is unaware of such advancements the chances of him falling prey to such scams are high. 

It’s never too late to practice caution

To wrap up, BEC and wire transfer fraud is increasing and damaging all types of businesses. BEC and wire transfer fraud can be  reduced. Proper identity verification of the person making wire fund transfer request should be practiced every time a friendly reminder comes from a client or a vendor regarding pending payments. 

The frauds are evolving at a surprisingly fast pace so, all types of organizations (schools, banks, businesses, churches, hospitals, etc) need to exercise due diligence on people making wire transfer requests. Keep your employees trained regarding the latest fraud trends and their prevention techniques. Also maintaining transparent relationships with clients aids in preventing these frauds. 

Spread the love

Article Author Details

James Efron

James Efron is a tech enthusiast, currently serving as infosecurity management expert at Shufti Pro. In previous roles, he has designed organisational strategies for tech firms.

He indulges in advanced technologies, including AI and big data, often extending a hand to firms experiencing digital transformation.