Business Email Compromise (BEC) Investigation & Tracing the Funds – DIGITPOL

Business Email Compromise (BEC) Investigation & Tracing the Funds - DIGITPOL

Business Email Compromise (BEC) is soaring and companies across Europe are been affected, BEC is an exploit in which the attacker gains access to a corporate email account and spoofs the owner’s identity to defraud the company or its employees, customers or partners of funds. Typically attackers request funds to be transferred to an offshore location typically to Hong Kong. Digitpol a global cybercrime investigation agency is providing assistance to affected firms via Digitpol’s Hong Kong offices by providing rapid assistance with freezing funds wired to fraudster’s accounts and liaison with local authorities to recover the stolen funds.

Business Email Compromise (BEC) is a scam targeting companies who conduct regular wire transfers and have suppliers abroad, typically firms that have business with Asia or with offshore locations are at target. BEC attackers rely heavily on social engineering tactics to trick unsuspecting employees and executives.

Business Email Compromise (BEC) fraud is the intentional deception made for personal gain or to damage another individual through email. Almost as soon as email became widely used, it began to be used as a means to defraud people. Email fraud can take the form of a “con game” or scam. Investigating email fraud reaches to all aspect of cyber crime investigation from recovery of funds transferred to a fraudsters bank account to a forensic examination to determine how fraudsters hacked into email accounts, such as digital forensics. Digitpol’s Investigation Team are certified computer forensic investigators and fraud examiners and can assist in all cases related to Email Scams and Fraud.

Digitpol CEO Mr Martin Coyne stated that bank accounts in offshore jurisdictions such as Hong Kong are been used to facilitate the crime and that the fraudsters are proven to be not local residents, BEC fraud is a growing problem globally. The process to freeze funds is complex and consists of search warrants and issuing no consent letter, which is only issued by the Police, often-legal action is needed to recover the frozen funds. In every case, the Hong Kong Police need evidence that the crime took place, often with complex email hacking cases, most firms don’t know how to collect evidence that can be accepted, Digitpol assists with that by providing an independent report and conducting digital forensics on the hacked email servers and compromised computers and digital devices. The first step for victims is to report the crime via the Hong Kong E-Crime System

Email fraud, scams, phishing attacks happens in most cases when cyber criminals find ways to hack into the email servers or accounts of small and medium companies, often targeting companies or investors conducting business with Asia countries. Cyber criminals gain access to email accounts and search through email accounts looking for sensitive information such as outstanding, unpaid invoices or data relating to financial transactions and business between supplier, vendor and clients. When cyber criminals identify a sale or a due invoice, the fraudsters then send various fictitious emails from the hacked email account or an email address replicated to the original purporting to be in charge of the sale or due invoice to be paid, the fraudster is then asking for transfers of funds into a nominated bank account, usually giving an excuse that there is a problem at the bank and an alternative account needs to be used. It is common that the nominated account is in the same name as the company name or with a very slight change such as an extra letter. It is common the bank account to be in the same city as the victim or client.

If the money has been wired to a bank in Hong Kong, which seems to be the most common destination, Contact Digitpol’s Hong Kong Branch.

Digitpol’s offices in Hong Kong are experts in the investigation of BEC and the process to freeze wired funds in Hong Kong and Asia. Digitpol Hong Kong will assist with the direct liasion on the ground with the local authorities and the banks.

Digitpol has seen a rapid rise of Business Email Compromise between a manufacture and a supplier when either is based in an offshore region or Asia, the targeted reason for this is due to the fraudsters ease of opening or using bank accounts in offshore regions and in Asia.

If your company has been targeted by Business Email Compromise and funds have been transferred to a bank account, Digitpol can help you, but only if you act fast and if you have the proof. If Digitpol is notified in time, Digitpol will assist with all matters such as reporting the crime to the local Police in the region the funds have been transferred to.

If a Business Email Compromise happens to you, you need to respond quickly. BEC fraud can lead to major disruption and financial disasters.

If you encounter or believe that you have been the victim of BEC fraud (i.e. phishing, fraudulent text messages etc.), please send an email to Be sure to attach any supporting documentation such as copies of suspicious emails, text messages and questionable links/URLs.

Contact Digitpol’s hotlines or respond to us online. CONTACT

Phone: Europe: +31558448040 | Phone Hong Kong: +85239733884

What is Email Fraud?

Email fraud provides a lucrative business for cybercriminals and internet con artists. Cyber adversaries use emails to trick victims into disclosing highly sensitive data. Most of the email frauds are financially motivated, which is the reason behind their high rate of prevalence. In a report provided by the FBI, email frauds constituted the most extensive forms of internet crime, where they caused losses amounting to US$1.4 billion in 2017.[1] The same report identified business email compromise and fake investment email scams as the topmost techniques used to execute email fraud attacks.

Types of Email Fraud

1. CEO fraud/Business Email Compromise

CEO email frauds purpose to compromise the structural organization in a business. They are frauds where cybercriminals gain access to email accounts of high-ranking executives using tactics such as spear phishing. Actors with unauthorized access to such accounts can pose as the legitimate owners and instruct other employees to carry out various operations such as transfer of vast sums of money to overseas accounts. CEO frauds are common due to their high success rates. Executives typically instruct their subordinates through emails, and CEO fraud provides the best opportunities for conducting attacks without detection.

2. Online Banking Scams

The internet has enabled organizations such as banks to provide services to customers through the internet. This has led to increased online banking scams commonly executed using phishing attacks delivered via emails. In such a fraud, an unsuspicious victim receives an email claiming that his bank has some problems which can be resolved through login into their online accounts. However, upon clicking the provided link, which can contain the correct URL address, a user is redirected to another website identical to the official online banking platform. The scammers can obtain all credential entered in the dummy website and use them to transfer money from the victim’s account.

3. Survey Scams

Survey scams are where a cybercriminal emails a victim concerning an online survey for statistical purposes or to win a prize. In such a case, an internet con artiste first studies the target’s interests. This is often accomplished through the social media profiles belonging to the victims and following their social activities. The email message sent to the victim may contain information appealing to their interests and compelling reasons for participating in the surveys. Clicking on the survey links may automatically install malicious scripts in the victim’s computers. Among other things, this can allow cybercriminals to remotely control the computer or acquire highly sensitive information like usernames and passwords to critical accounts. The aftermath is the information being used maliciously or cybercriminals using it to commit all types of cybercrime.

4. Employment Scams

Online con artists rely on the importance of the fraudulent email’s subject to commit frauds and scams. As such, they widely use fake employment opportunities to lure victims into divulging personal details such as their legal names, social security numbers, and bank account details. The fraudulent emails may seem to originate from a reputable organization to drown any suspicions. Upon replying to the email to express interest at the unexpected job opportunity, the victims are asked to provide the information so they can “start work immediately”. However, with their hands on such valuable data, the scammers can use it to steal the victim’s identity, empty their bank accounts, or use it in fake money orders requesting payments for various services.

5. Requests for Assistance

Internet scammers may prey on the victims’ kindness to commits email frauds attacks. They may use different strategies, including monetary rewards, for their plans to work. For instance, an email may state that the sender has a wealthy relative who for some reason, cannot access their monies and is in dire need of financial help. The scammer might ask for monetary assistance accompanied by the victims’ bank details for “refund and reward” purposes. In other instances, the fraudsters may claim they need a bank account for transferring their money or assets held in another country, promising a good reward. The scanners nevertheless use the provided information to access and empty the victims’ bank accounts. These types of email frauds are common since most victims are drawn by the huge rewards on offer.

6. Bogus sales Offers

Cybercriminals may capitalize on the need of individuals to acquire new products that are yet to be released to the market. This is by sending enticing e-commerce emails of new products such as smartphones or videogames retailing at low prices. Attracted to the low prices, and the fact that the products are yet to be released, some individuals may pay for the purchases. Of course, the purchased products are never delivered, and the victims end up waiting for days on end. Also, such types of email frauds may purpose to obtain the victim’s sensitive information such as credit card numbers. The cybercriminals may use the information to make their own illegal purchases.

7. Billing Problems

These are email frauds that mostly target online shoppers. Victims might receive emails that claim the products they purchased may not be delivered due to errors in billing address. The emails contain links to spoofed pages where attackers can access credit card information once the target fall in their traps. Attackers may use different techniques to increase their rates of success.

Media Contact
Company Name: Digitpol
Contact Person: Media Relations
Email: Send Email
Phone: +31558448040, +85239733884
Country: HongKong