$36M BEC Fraud Attempt Narrowly Thwarted by AI

With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.

Dark Reading Staff, Dark Reading

March 22, 2023

2 Min Read
a digital blue keyboard with a red key that says "email security"
Source: Maksim Kabakou via Adobe Stock

In an attempt to fraudulently obtain more than $36 million, a threat actor emailed an escrow officer and their client, a commercial real estate company, while impersonating the senior vice president and general counsel of a trusted partner company. The business email compromise (BEC) attack was caught due to a flaw in a domain name, behavioral AI, and an advanced modeling system.

Included in the email was an invoice and instructions for payment for a loan worth $36.4 million. While this may be a number that might ring alarm bells for anyone else, commercial real estate involves the use of large-sum loans, according to an analysis from Abnormal Security, so there was no initial concern. A false company letterhead was used to legitimize the scam, and the cyberattackers added another reputable real estate investment company to the email chain to make it even more convincing. 

The escrow officer may have fallen for it, but the BEC attempt was caught due to artificial intelligence (AI) technology spotting signs of fraud, such as discrepancies in the wiring instructions, newly registered email domains, and irregular language patterns in the email. In addition to this, there was a minor change in the sender domain from ".com" to ".cam."

Though this attempt was caught, BEC attacks are becoming more popular — increasing by 84% in the first half of 2022 alone. They are continuing to prove to be successful against organizations, particularly those without multifactor authentication or security awareness training.

AI might be increasingly necessary to catch ever-more-savvy BEC attacks. "As attackers shift from executive impersonation to vendor fraud and increase their payment requests, the need for security leaders to keep their organizations safe increases," according to Abnormal Security. "Because modern supply chain attacks use seemingly genuine messages, traditional tools which look for indicators like malicious attachments are becoming less effective."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights