WASHINGTON - Today the U.S. Secret Service hosted a cyber incident response simulation with business leaders, law enforcement and other private sector partners focused on business email compromise attacks and mitigation strategies.
Business email compromise (BEC) scams are cyberattacks using stolen information, via email, to trick victims into transferring funds to an unauthorized financial account controlled by a criminal actor. BEC attackers are threat indiscriminate and they will target any industry or business sector where financial transactions are made. In the past six years, this form of cyber-enabled financial crime accounts for an estimated loss exceeding $30 billion.
“Criminals are opportunistic. The opportunity for financial gain through these types of attacks is certainly going to entice cybercriminals to further embrace and weaponize BEC scams,” said U.S. Secret Service Office of Investigations Assistant Director Jeremy Sheridan. “These are pernicious strikes targeting not only the email accounts of large corporations, but also those of individuals who use email to conduct financial transactions on a daily basis.”
Everyone is vulnerable to business email compromises. Governments, global corporations, medium and small business and individual consumers are all potential marks for cybercriminals. As of late, BEC scams have become particularly prevalent in the real estate sector. The inherent, highly transactional nature of the real estate business makes it an attractive target. Real-estate focused BECs are insidious because they seek out individual home buyers and sellers, often threatening these individual’s life savings in the process. Those who fall victim to these types of cyberattacks typically have no safety net to recover from their financial losses.
The Secret Service takes a multifaceted and multilayered approach to combatting BECs, specifically those that focus on the real estate market. Since 2019, the Secret Service through its Cyber Fraud Task Forces (CFTF) and Global Investigative Operations Center have intercepted and/or returned $160 million in victim-derived funds from incidents involving BECs. This financial recovery and ongoing campaign against cybercrime is made possible through the Secret Service’s strategic relationships.
“The Secret Service is founded on partnerships,” said Assistant Director Jeremy Sheridan. “Without robust information sharing from the private sector, from academia, from our state and local law enforcement partners, there's no way we could be effective in this space and assign attribution and consequence to BEC actors, both domestically and abroad.”
Today’s cyber simulation was the ninth of its kind and the seventh virtual event conducted with the agency’s CFTF partners. Executives who play an active part in their organization’s cyber incident response were offered a simulated scenario to enhance planning, collaboration and information sharing between state and local government agencies and the Secret Service. The uniquely designed cybercrime crisis role-play simulation allowed participants to gain a better understanding of how to respond to BEC attacks efficiently and effectively, namely those victimizing the real estate market.