Email Security Blog

FBI’s Big BEC Bust: The Rapidly-Evolving Phishing Threat & New Ways to Stop It

John Wilson June 27, 2018 BEC
Fallback Featured Image

Part 3 of a 4-part series
View Next in Series
 | View Previous in Series

‘Operation WireWire’ disrupted $14 million in scams—but as business email compromise spikes, innovative approaches to cybersecurity gain new urgency

By all accounts, “Operation WireWire” was a massively successful crackdown against business email compromise (BEC) rackets around the globe. But did it really just raise more alarm?


On June 11, the FBI announced that a coordinated, six-month international law enforcement action against BEC rings had led to 74 arrests in the US, Nigeria and elsewhere.

The sting included the Department of Justice, Homeland Security and partner agencies worldwide.

Its purpose: take down cybercriminals launching sophisticated phishing attacks meant to fool corporate employees into sharing sensitive information or making hefty payments to what they mistakenly believe to be trusted colleagues or partners.  

According to authorities, more than 50 raids resulted in the seizure of $2.4 million and the “disruption and recovery” of another $14 million in bogus wire transfers.

So, score one for the good guys, right? Absolutely. But with losses in the US topping $5 billion over the last three years, WireWire has also cast a spotlight on a threat that should have anyone responsible for cybersecurity and corporate messaging on notice.

A Message Most Sinister

Barely a blip on anyone’s radar just a few short years ago, BEC ploys have emerged as a critical issue for businesses everywhere.    

As it stands now, 95 percent of all successful cyber attacks start with email sent to a well-targeted victim. Thirty-percent of recipients open phishing emails, and more than 1 in 10 click on malicious attachments.

After a typical attack is launched, its first target will be compromised in under 4 minutes.

So what gives? For starters, yesterday’s typo-laden spam is long gone. For a time, content deception took precedence, through seemingly innocuous email messages and attachments designed to deposit malware. As SEG (Secure Email Gateway) vendors added anti-malware detection capabilities to their offerings, phishing morphed into something more insidious.

Today,  it’s all about identity deception—targeting specific individuals ostensibly from a known or trusted sender in order to manipulate the victim into taking actions they otherwise wouldn’t—without detection.

BEC: Brutal, Effective, Costly

As Information Security reports, BEC can now be categorized as an advanced persistent threat (APT) because of the profound danger it poses to organizations.

Take FACC AG, an airbus supplier that lost $54 million in a “fake president” phishing swindle in 2016. In that scenario, hackers used email to impersonate the CEO and initiate a wire transfer to a fraudulent account. Last year, Google and Facebook were bamboozled out of $100 million, though they were ultimately able to recover funds.

Today, some attacks involve sending victims what appear to be Office 365 document-sharing invites from colleagues. Some perpetrators even create LinkedIn and Facebook identities to aid in their impersonation plots.  

According to the FBI, the biggest cons in BEC include wire transfers, employee W-2 forms, and real estate schemes. Indeed, these and other cons are so elaborate and convincing, even an initial response to a probe makes it 10X more likely the recipient will become a victim of an attack than the average.  Which helps explain why in the first quarter of 2018, phishing represented 50% of all attempted cyberattacks. In the last year, 96% of all companies were  targeted by one hustle or another.  

Postcards from the New Perimeter

As it happens, the arrests in Operation WireWire come as no surprise to those familiar with BEC.

Sure, Nigeria may have once been known for fraudulent emails from mischievous “princes” seeking safe harbors for their supposed fortunes. But today, it’s home to 9 out of 10 of the most notorious BEC crime rings, with operatives and money mules spread out around the globe.

According to the FBI, losses from attacks from these organized rings and others are up 2,370% in just over a year. Which means finding solutions has grown urgent.  

“At its core, business email compromise is a social engineering ruse that leverages familiarity, authority and trust, which can result in billions of dollars of losses to businesses,” says  Markus Jakobsson, our chief scientist here at Agari—one of only a handful of companies developing innovative solutions to help organizations fight back against BEC.

For instance, on  the heels of WireWire, we  announced the latest quarterly enhancements to our Identity Deception Protection solutions, including the ability for companies to “search & destroy” active email threats and gain granular visibility into fraud tactics.  

Standing Up to the Challenge

Whether these or other technologies will be enough over the long term remains to be seen. But one thing seems clear.

Operation WireWire was just the tip of the iceberg. As impressive as they may be, none of us can expect even the coordinated efforts of the FBI to save us from this rapidly-evolving threat.

To learn more about the latest trends in BEC attacks, check out this special Osterman Research report surveying several organizations about their views on email security and how they deal with them.


Leave a Reply

Your email will not be published. All fields are required.

man working on computer

December 14, 2020 Ronnie Tokazowski

BEC Response Guide— Tips for Responding to Business Email Compromise Incidents

This post originally appeared on Medium and is published here courtesy of Ronnie Tokazowski. For…

woman working on computer

December 1, 2020 Ronnie Tokazowski

BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches

Business email compromise (BEC) actors are exploring alternative cash-out methods for spiriting away the profits…

Agari Blog Image

October 30, 2020 Armen Najarian

BEC Scams: What to Look For, What to Do

We'll cover what BEC scams (Business Email Compromise scams) are, how they work, what you…

Agari Blog Image

August 5, 2020 Michael Paiko

Phishing & BEC Scams Soar 3000%: Agari H2 2020 Email Fraud and Identity Deception Trends Report

Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early…

Agari Blog Image

July 17, 2020 Patrick Peterson

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms…

mobile image