Top 7 Real-Life Examples Of BEC Attacks Worldwide

Rawatnimisha
Oct 1, 2021

Today, business email compromise (BEC) attacks are the riskiest cyber threat to organizations and the most lucrative attack method for cybercriminals. The losses incurred due to a BEC attack were $80,000 by 2020! Many companies are worried about the growing risk to their business from BEC attacks. If a small error can cost you millions of dollars, shouldn’t you be worried too?

The threat is real, and the only way to stay ahead of it is to understand how it has affected other companies worldwide. This is why we have compiled this list of the top seven real-life instances of BEC attacks that you should examine.

#1 PUERTO RICO GOVERNMENT

In January 2020, the government of Puerto Rico lost more than $2.6 million to a BEC attack carried out via a phishing email. The victim was the US island’s government-owned Industrial Development Company, which is designed to boost the island’s economic growth. The organization transferred the money to a fake bank account on January 17, 2020, after receiving an email asking for changes to the bank account used for remittance payments. The police and the FBI were contacted immediately after the fraud was discovered.

#2 HOMELESSNESS CHARITY TREASURE ISLAND

Treasure Island is another example of the devastating effects of BEC attacks. In June 2021, the renowned San Francisco-based homelessness charity Treasure Island suffered a terrible one-month BEC attack that cost it 625,000. The attackers compromised the email account of the organization’s bookkeeper and then altered an authentic invoice issued by one of its partner organizations. In the end, employees of Treasure Island sent a huge amount of money, destined to be donated by the partner organization, to the hackers’ accounts. The charity was unfortunate enough not to have cyber security insurance and was forced to bear the loss in a single.

#3 TOYOTA BOSHOKU CORPORATION

Toyota Boshoku Corporation, a European affiliate belonging to the Toyota Group, was hit with a major BEC attack that caused the business to lose $37.3 million in August 2019. On August 14, 2019, the auto parts company was fooled into completing a massive payment to the hackers’ account. The attackers disguised themselves as business partners of the subsidiary and sent carefully designed emails to people in the finance and accounting departments. The emails demanded that funds be transferred into one specific bank account, which the hackers controlled. Shortly after the transfer was initiated, the company’s security specialists discovered that they had been fooled. But by that time, it was too late to stop the transaction.

#4 FRENCH FILM PRODUCTION COMPANY PATHE

The renowned European-based chain of cinemas Pathe suffered a huge loss of $21.5 million due to a prolonged BEC assault in March 2018. The attack started in March 2018, the day that Dertje Meijer, who was Pathe Nederland’s director, was sent a fraudulent email via the email account of the CEO of Pathe. The hackers claimed Pathe was in the midst of negotiations to acquire a Dubai company. Posing as the CEO, they asked Dertje Meijer to pay an amount of 931,600 dollars. After speaking with a superior and receiving an invoice for that amount, Meijer approved the payment. Three additional payments followed, and Pathe Nederland had paid the hackers more than $21.5 million by March 27, 2018.

#5 TECH GIANTS GOOGLE AND FACEBOOK

One of the most significant BEC attacks ever, the scam that targeted Google and Facebook cost both companies more than $100 million. Cybercriminals set up an imposter company, claiming to be Taiwanese hardware company Quanta Computer. The hackers presented Google as well as Facebook with authentic-looking invoices. Both of the victims quickly transferred the money into bank accounts controlled by the hackers. Along with these invoices, the hackers also crafted fake agreements and letters from lawyers to ensure that banks accepted the transfers.

#6 NETWORKING FIRM UBIQUITI NETWORKS INC.

Ubiquiti Networks Inc., the San Jose-based maker of high-performance networking technology, was the victim of an incredibly devastating BEC attack, which resulted in the company losing $46.7 million. Hackers tricked a worker at one of Ubiquiti’s subsidiaries in Hong Kong into depositing the enormous sum into bank accounts controlled by threat actors. When the company became aware of the breach, it contacted its financial institutions and law enforcement authorities. Fortunately, Ubiquiti was able to recover a small portion of the amount with the help of law enforcement authorities.

#7 WIRE AND CABLE MANUFACTURER LEONI AG

In 2016, Leoni AG, a renowned manufacturer of wire and cables, was taken for $44 million in one of the most successful BEC attacks of all time. Cybercriminals impersonated a German chief executive to send messages to an employee in the finance department at the company’s factory in Bistrita, Romania. The emails were carefully designed using insider information to appear real and requested the transfer of $44 million to a bank account. The employee was tricked into making the transaction, and the stolen money was transferred to a new bank account in the Czech Republic.

BEC scammers are targeting companies daily, and it is becoming increasingly important to take the appropriate steps to ensure that your company is secure. As the examples above demonstrate, most BEC attacks rely on spoofing an email address on a company’s domain to fool employees into believing that the scam emails come from their bosses.

To protect your company from BEC threats, the most effective option is to protect your company’s domain from impersonation and spoofing. You can protect your email domain using an effective anti-spoofing solution and DMARC deployment software such as Emailauth. This will stop malicious actors from sending fraudulent emails on behalf of your company.

Rawatnimisha

Diligent, driven and resourceful technical leader, driving critical global Cyber Security deliveries in multimarket segment clients.