FBI Special Agent Names Business Email Compromise as No. 1 Priority, Eclipsing Ransomware Attacks

By: Chris Gaetano
Published Date: Nov 20, 2019

Michael J. Driscoll, FBI special agent in charge of the Criminal Division for the bureau's New York Field Office, speaking at the Foundation for Accounting Education's Nov. 20 Anti-Money Laundering Conference, said that business email compromise fraud has very swiftly become his office's number one priority in terms of financial crime, eclipsing even the ransomware attacks that had occupied so much of its attention before. 

"If I came and spoke to you a year ago, I'd be very big on this [ransomware] threat. ... But now our number one concern is business email compromise. It is the number one financial threat to our businesses in the U.S. The volume of attacks is astounding," he said. 

Business email compromise fraud occurs when an attacker steals money from a firm by impersonating high-level decision makers who can authorize fund transfers. For example, an attacker might send an email that appears to be from the CEO to the payroll director, ordering that person to wire money to a bank account in Switzerland as soon as possible. By the time the deception is revealed, it is too late, as the funds are long gone. This can be done by hijacking the email system itself or by using any of a wide variety of "spoofing" tools already available for doing so from the outside. The FBI's data says that, between May 2018 and July 2019, there was a 100 percent increase in identified global exposed losses due to business email compromise.

In most cases, Driscoll pointed out, typical cybersecurity tools don't really apply, since business email compromise relies more on social engineering than software. 
 
"You can set up all the firewalls and security you want, [but] you need to have a very, very strong education program within your organization that encourages people to never, ever make a financial change based on an email. That sounds like common sense, but all day long, we see folks changing where money is moved based on an email; we're talking millions of dollars," he said. 

Another major priority that the FBI has taken on lately is elder fraud. Reports on elder fraud, according to the CFPB, quadrupled between 2013 and 2017. Driscoll trusted that his audience members were well aware of this phenomenon. 

"For those with older parents, they've gotten those phone calls, those emails, that encourage them to send money. ... Yesterday we got a phone call at the office, an elderly gentleman was duped of $1.2 million of his retire funds, and he thought he was helping start a new business contributing to child education and a whole variety of things. Very fast, that individual lost most of his retirement savings." 

He said his office has recently formed an Elder Fraud Task Force specifically devoted to this type of crime in response to growing reports. 

When someone has been the victim of financial fraud of any type, "your first phone call is law enforcement, your second phone call is your financial institution," he said, noting that the FBI will work with victims' financial institutions to either cancel the funds transfer or, if the money has already gone out, get it back from wherever the money went. However, he said, time is of the essence. Generally, law enforcement has about 72 hours to recover the funds before they disappear, provided the transfer was overseas; if the money was transferred domestically, that time frame could be as low as 24 hours. While there have been instances when the FBI has gotten lucky and recovered funds past that point, it's "highly unlikely." 

Another major area that the FBI has turned its attention to has been, he bluntly said, "spies." While the work in countering these threats may conjure up exciting images from spy thrillers, he said the nature of modern counterintelligence has changed drastically since the Cold War. 

"We've all seen James Bond. We all know cloak and dagger mysteries, folks in a dark ally with one newspaper tucked under their arm walking past another. Those days have kind of passed," he said. 

For one, what spies are looking for has changed. While countries are still looking to access things like defense secrets, the biggest focus right now is on economic espionage, and so that is where the FBI is concentrating most of its counterintelligence resources.

"We're talking about nontraditional collectors, folks working for a nation state threat but are not your typical spy. Not someone at the embassy assigned to an attache but really there to spy. These are folks who are professors, who are business partners, who are students, researchers, consultants, here for any variety of reasons but used by these countries to gather information on the U.S., particularly on the economic front," he said. 

He noted that in certain countries such as China ("no one is better at this than China, frankly") the biggest companies with the most international presence are either wholly state-owned or heavily influenced by the state. This means that when a private entity deals with these companies, it is also dealing with the government, which he says takes a "whole of government, whole of country approach [to] take advantage of whoever they're dealing with to get an advantage."

No matter the threat, however, Driscoll said that they all have to launder their money, whether they are hackers or fraudsters or even spies from other nations. This common need means that by choking off the means through which money is laundered, law enforcement can address many different crimes at the same time. Doing so means looking for the gatekeepers who offer initial access to key people, facilitators who link different groups together, professional money launderers who perform the actual work, and complicit financial institutions that, whether by incompetence or malice, enable everyone else.

In order to catch money launderers, law enforcement uses a variety of tools. One is international associations like the Egmont Group, composed of 155 financial intelligence organizations around the world, where law enforcement frequently goes for data requests. He also pointed to the large number of different reports that financial institutions are required to file, the chief of which is the Suspicious Activity Report (SAR). 

SARs are useful in a wide variety of contexts, such as identifying "folks involved in low-level structuring, low amounts on a repeated basis," Driscoll said. "They're also key for identifying facilitators who make money laundering possible. They're very important for identifying serial fraudsters with repeated names popping up in SARs. And they're very important for identifying typologies, what methods they are using to launder money, what recurs again and again, institutions are getting taken advantage of: SARs identify all this." 

But he said that this isn't to discount other reports either; for instance, he said that Foreign Bank and Financial Account (FBAR) reports have been vital in countering nation state threats. 

However, there is a hard limit to what the FBI can do on its own; he noted that the vast majority of the work the bureau does relies on voluntary cooperation. He exhorted his audience to keep regular contact with law enforcement and help them stay aware of new and emerging threats. 

"Without you opening the door, there's no way to even be aware of the threat. That we rely on your cooperation and [that of] businesses across the country has never been more important than it is today. ... If you do not have regular contact with your FBI office, I encourage you to do so because you do not want to make that call after discovering a significant threat. You want to have those contacts in advance." 
