Business Email Compromise (or CEO/CFO Impersonation Fraud)

According to the FBI, Business Email Compromise (BEC for short, or CEO/CFO impersonation fraud) have caused at least USD 3.1 billion in total losses to over 22,000 enterprises around the world.

The FBI defines BEC as a sophisticated email scam that targets businesses working with foreign partners that regularly perform overseas wire transfer payments.

The BEC schemes come in different variations but generally the modus operandi is as follows:

  1. Cyber criminals use phishing emails and social engineering techniques to gain access to the email accounts and various systems of executives or companies.
  2. The cyber criminals will identify who the CEO/CFO is or the individual within the company that has authority to transfer funds, as well as the schedules of these executives, i.e., when they would be on business trips or vacation.
  3. The cyber criminals will then spoof the CEO/CFO’s email accounts or pretend to be the CEO/CFO by email and send instructions to responsible company personnel to effect a fund transfer to an overseas bank account.
  4. The cyber criminals may also pretend to be a business partner and ask the company to send funds to a new bank account (the fraudulent bank account) by indicating that due to administrative need or tax or audit purposes, they have used a new bank account to receive money for business transactions.
  5. Upon reaching the criminals’ bank account, the funds are quickly transferred through a number of additional bank accounts to frustrate any attempts to freeze or trace the funds.

Banks in Hong Kong and China are the most commonly reported ending destinations for these fraudulent transfers.

If you are hit by a BEC, the key to recovering the scammed monies is to trace and catch the funds before they have been transferred on. Here are some tips:

  • Immediately notify the remitting bank and see if it can contact the correspondent bank or the bank that is receiving the wire transfer to hold and/or to refund the money and to put those banks on notice that they are dealing with the proceeds of crime;
  • Immediately report the matter to the FBI and the local law enforcement agencies in the receiving jurisdiction;
  • Bringing legal counsel into the picture as soon as possible to maximize the chance of freezing the money by liaising with the law enforcement agencies and the banks, and seek Court intervention for asset freezing orders and to pursue the fraudulent bank accounts that have received the money;
  • Consider contacting the insurer if the company has any risk, theft or cyber insurance coverage.

For additional information, or if you have been the victim of a cybercrime with ties to Hong Kong and/or China, please contact Dominic Wai with ONC Lawyers.

Recent Posts

FTC Implements Nationwide Ban on Noncompete Agreements: Impact on Workers, Innovation, and Employers

The Federal Trade Commission (FTC) has made a recent announcement of a final rule banning…

9 hours ago

Navigating an IRS Audit: What Every Taxpayer Should Know

Receiving a notice from the Internal Revenue Service (IRS) that you're being audited can be…

5 days ago

Employment Agreements to Safeguard Your Business in the Absence of Non-Compete Agreements

In the world of business, protecting proprietary information and retaining top talent are crucial components…

6 days ago

Lawsuit over DeLorean Trademarks Heading to Trial – Back to the Future Time Machine at Issue

In the world of cinema, few vehicles are as iconic and beloved as the DeLorean…

2 weeks ago

USPTO Unveils Major Fee Overhaul for 2025: New Charges and Increases to Impact Patent Prosecution Strategies

The United States Patent and Trademark Office (USPTO) is set to implement a significant overhaul…

3 weeks ago

The Purpose of Florida’s District Courts of Appeal

As reviewing courts, Florida’s District Courts of Appeal serve as vital pillars of Florida’s judicial…

4 weeks ago