Email Security Blog

FBI’s Big BEC Bust: The Rapidly-Evolving Phishing Threat & New Ways to Stop It

John Wilson June 27, 2018 BEC

Part 3 of a 4-part series

‘Operation WireWire’ disrupted $14 million in scams—but as business email compromise spikes, innovative approaches to cybersecurity gain new urgency

By all accounts, “Operation WireWire” was a massively successful crackdown against business email compromise (BEC) rackets around the globe. But did it really just raise more alarm?


On June 11, the FBI announced that a coordinated, six-month international law enforcement action against BEC rings had led to 74 arrests in the US, Nigeria and elsewhere.

The sting included the Department of Justice, Homeland Security and partner agencies worldwide.

Its purpose: take down cybercriminals launching sophisticated phishing attacks meant to fool corporate employees into sharing sensitive information or making hefty payments to what they mistakenly believe to be trusted colleagues or partners.  

According to authorities, more than 50 raids resulted in the seizure of $2.4 million and the “disruption and recovery” of another $14 million in bogus wire transfers.

So, score one for the good guys, right? Absolutely. But with losses in the US topping $5 billion over the last three years, WireWire has also cast a spotlight on a threat that should have anyone responsible for cybersecurity and corporate messaging on notice.

A Message Most Sinister

Barely a blip on anyone’s radar just a few short years ago, BEC ploys have emerged as a critical issue for businesses everywhere.    

As it stands now, 95 percent of all successful cyber attacks start with email sent to a well-targeted victim. Thirty percent of recipients open phishing emails, and more than 1 in 10 click on malicious attachments.

After a typical attack is launched, its first target will be compromised in under 4 minutes.

So what gives? For starters, yesterday’s typo-laden spam is long gone. For a time, content deception took precedence, through seemingly innocuous email messages and attachments designed to deposit malware. As SEG (Secure Email Gateway) vendors added anti-malware detection capabilities to their offerings, phishing morphed into something more insidious.

Today, it’s all about identity deception—targeting specific individuals with messages that ostensibly come from a known or trusted sender in order to manipulate the victim into taking actions they otherwise wouldn’t—without detection.

BEC: Brutal, Effective, Costly

As Information Security reports, BEC can now be categorized as an advanced persistent threat (APT) because of the profound danger it poses to organizations.

Take FACC AG, an Airbus supplier that lost $54 million in a “fake president” phishing swindle in 2016. In that scenario, hackers used email to impersonate the CEO and initiate a wire transfer to a fraudulent account. Last year, Google and Facebook were bamboozled out of $100 million, though they were ultimately able to recover funds.

Today, some attacks involve sending victims what appear to be Office 365 document-sharing invites from colleagues. Some perpetrators even create LinkedIn and Facebook identities to aid in their impersonation plots.  

According to the FBI, the biggest cons in BEC include wire transfers, employee W-2 forms, and real estate schemes. Indeed, these and other cons are so elaborate and convincing that even an initial response to a probe makes the recipient 10X more likely than average to become a victim of an attack. That helps explain why, in the first quarter of 2018, phishing represented 50% of all attempted cyberattacks. In the last year, 96% of all companies were targeted by one hustle or another.

Postcards from the New Perimeter

As it happens, the arrests in Operation WireWire come as no surprise to those familiar with BEC.

Sure, Nigeria may have once been known for fraudulent emails from mischievous “princes” seeking safe harbors for their supposed fortunes. But today, it’s home to 9 out of 10 of the most notorious BEC crime rings, with operatives and money mules spread out around the globe.

According to the FBI, losses from attacks from these organized rings and others are up 2,370% in just over a year. Which means finding solutions has grown urgent.  

“At its core, business email compromise is a social engineering ruse that leverages familiarity, authority and trust, which can result in billions of dollars of losses to businesses,” says Markus Jakobsson, our chief scientist here at Agari—one of only a handful of companies developing innovative solutions to help organizations fight back against BEC.

For instance, on the heels of WireWire, we announced the latest quarterly enhancements to our Identity Deception Protection solutions, including the ability for companies to “search & destroy” active email threats and gain granular visibility into fraud tactics.

Standing Up to the Challenge

Whether these or other technologies will be enough over the long term remains to be seen. But one thing seems clear.

Operation WireWire was just the tip of the iceberg. As impressive as the coordinated efforts of the FBI may be, none of us can expect even them to save us from this rapidly-evolving threat.

To learn more about the latest trends in BEC attacks, check out this special Osterman Research report surveying several organizations about their views on email security and how they deal with it.

