Connect with us

Hi, what are you looking for?



FBI Expects Increase in COVID-19-Themed BEC Scams

The Federal Bureau of Investigation is expecting an increase in the frequency of scams related to the current COVID-19 pandemic, including those involving business email compromise (BEC).

The Federal Bureau of Investigation is expecting an increase in the frequency of scams related to the current COVID-19 pandemic, including those involving business email compromise (BEC).

A type of fraud targeting those in charge of performing legitimate funds transfers for a company, BEC scams aim to trick unsuspecting victims into sending money to the attackers.

In BEC attacks, the victim typically receives an email apparently arriving from a company they normally conduct business with, requesting payments be made to a new account, or demanding a change in the standard payment operations.

According to the FBI, losses from BEC scams surpassed $1.7 billion in 2019, and are only expected to increase. More recently, there has been an increase in BEC attacks targeting municipalities purchasing personal protective equipment or other supplies for the ongoing coronavirus crisis.

One of the most recent examples of BEC fraud targeted a financial institution with an email allegedly arriving from the CEO of a company and related to a previously scheduled transfer of $1 million. The message requested the transfer date be moved up and to a new account, due to the COVID-19 situation.

In another incident, a bank customer received a message from an alleged client in China, requesting that all invoice payments be changed to a different bank, claiming that their regular accounts could not be accessed due to audits. Several transfers were made to the new bank before the fraud was discovered.

To stay protected from this type of fraud, organizations should look for specific red flags, including an unexplained urgency, last minute changes in wire details or in established communication platforms, refusal to communicate via telephone or online voice/video services, requests for advanced payment of services if previously such payment was not required, and requests to change direct deposit information.

According to the FBI, being skeptical of any last minute changes in wiring instructions and verifying all such changes via the contact on file could help avoid falling victim to fraud. To stay protected, users should also make sure that URLs in emails are associated with the business they claim to be from, should be wary of hyperlinks that may contain misspellings of the actual domain name, and should verify the email address used to send emails.

Advertisement. Scroll to continue reading.

Immediately after discovering that they might have fallen victim to a fraudulent incident, users should contact their financial institution to request a recall of funds, and should also report the issue to the employer. Victims are advised to also file a complaint with the FBI’s Internet Crime Complaint Center as soon as possible.

Related: Nigerian Threat Actors Specializing in BEC Attacks Continue to Evolve

Related: BEC Losses Surpassed $1.7 Billion in 2019: FBI

Related: Two Dozen Arrested for Laundering Funds From BEC, Other Scams

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...