New BEC Tactics Enable Fake Asset Purchases

Business sellers of IT, produce and other commodities should beware of business email compromise (BEC) scammers looking to get their hands on assets without payment, the FBI warns.

These attacks start in the same way as many traditional BEC threats. Scammers spoof legitimate corporate email domains and use display names of current or former employees to make the scam look more realistic.

Read more about BEC fraud: BEC attacks will surge by 81% in 2022.

However, instead of sending bogus invoices or money transfer requests, they try to “buy” expensive items such as construction materials, agricultural supplies, IT hardware, and solar energy products.

The key to getting away without paying is to use fake credit checks and fraudulent W-9 forms to demand credit terms known as Net-30 and Net-60. If the vendor agrees to these terms, the criminals can purchase without upfront payment.

“After unsuccessful attempts to collect payment, or after contacting the company believed to have placed the order in the first place, the victimized vendor is notified that the email was fraudulent. Only then will you eventually notice the scam,” the FBI warned.

The FBI has urged companies to take the following steps to avoid this new type of BEC:

  • Call the email sender directly to verify their identity and employment status, but do not use the phone number listed at the end of the fraudulent email
  • Make sure the email domain is correct for the company the sender claims to represent
  • Enter the URL directly instead of clicking the link in the email
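The domain check from the list above can be partly automated. The sketch below is an added example, not code from the FBI advisory or the original article; the known-customer domains, the sample headers and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: domains of customers the vendor already trades with.
KNOWN_DOMAINS = {"example-builders.com", "acme-farms.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, closest_known_domain) for a From: header.

    verdict is 'known', 'lookalike', 'unknown' or 'unparseable'.
    Only the address is used; the display name is ignored because
    the sender can set it to any employee name.
    """
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in known:
        # The header text matches; this alone does not authenticate the
        # message, so SPF/DKIM/DMARC results and a phone call still apply.
        return ("known", domain)
    closest = min(known, key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)  # hold the order and verify by phone
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"Jane Doe" <jane.doe@example-builders.com>',
        '"Jane Doe" <jane.doe@examp1e-builders.com>',
        '"Jane Doe (example-builders.com)" <jane@mail-orders.example>',
    ):
        print(header, "->", classify_sender(header))
```

A `lookalike` or `unknown` verdict on a request for Net-30 or Net-60 terms is a reason to hold the order until the buyer has been confirmed by phone.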

As fraudsters continue to find new ways to monetize their attacks, some of the proven BEC techniques remain popular. Researchers last week uncovered a daring $36 million attempt to persuade companies to pay one of their “partners”, whom the attackers impersonated.

According to the FBI, BEC was the second highest-grossing type of cybercrime in 2022, with cybercriminal revenue surpassing $2.7 billion last year.
