BEC scammers are targeting investors for massive payouts

by chebbi abir

Business email compromise (BEC) scammers are using a new type of attack that targets investors and could yield payouts seven times greater than average.

When an investor buys into a firm’s investment fund, such as a private equity or real estate fund, the firm may ask the investor to hold onto the money until they request it. This agreement allows an investor to keep their money in a more favorable investment to earn interest rather than having it sit idle in an investment fund, and the fund can call on the investment when needed.

When an investment fund is ready to use the investor’s money, they issue a ‘capital call’ notice, a formal request for the investor to send them the agreed-upon money.

BEC scammers target Wall Street

According to a new report by email cybersecurity company Agari, BEC scammers have started to target investors with fake ‘capital call’ notices that carry a much larger payout than a standard BEC scam.

In the ‘2021 Email Fraud & Identity Deception Trends’ report released today, Agari states that the average targeted payout in a wire transfer BEC scam is $72,000. In these scams, the attackers impersonate a vendor and ask the victim to send payments to a bank account under their control.

With fake capital call notices having an average targeted payout of $809,000, seven times the usual wire transfer scam, attackers are beginning to utilize them in the hopes of a much larger payout.

“In emails to targets, BEC actors masquerade as a firm requesting funds to be transferred in accordance to an investment commitment. Because of the nature of such transactions, the payments requested are significantly higher than those sought in most wire transfer scams. The average payout targeted in capital call schemes: $809,000,” Agari explains in their report.

According to Agari, the attacks are initiated by threat actors emailing known investors’ accounts payable specialists with capital call notices requesting payment for fictitious investments. 

“Based on what we’ve seen, threat actors aren’t using any insider knowledge in their attacks requesting capital call payments. Rather, the attacks are requesting payments for fictitious investments, similar to what we’ve seen for years where BEC actors request payments to fictitious vendors,” Crane Hassold, Agari’s Sr. Director of Threat Research, told BleepingComputer.

BEC email with fake capital call notice
Source: Agari

Hassold explained that the attacks seen by Agari are sent from email services, most commonly the centrum.cz webmail provider based out of the Czech Republic.

Attached to these emails is a document impersonating a capital call notice and demanding payment for the fake investment.

Fake capital call demand used in BEC scam
Source: Agari

If they are able to convince the target to transfer the money, the attackers would quickly move the money to other accounts under their control and use money mules to withdraw the money so that the bank cannot return it to the victim.

While wire transfer scams are here to stay, by performing different attacks based upon a particular victim, the threat actors stand to make a much larger payout.

To defend against such attacks, both the investment firms and investors must utilize strong email security.

Agari has told BleepingComputer in the past that “a multi-layered approach to email security is essential, which includes implementing strong anti-phishing email and email authentication protections that specialize in defending against advanced identity deception attacks and brand spoofing.”

Agari also recommends that all companies institute a formal process for handling outgoing payment requests, especially if the payment information has changed since the original agreement. Ultimately, the best way to avoid sending money to a threat actor is to always confirm the request and banking information through a phone call directly to the investment firm.

Never use the contact information in the emails you receive; instead, call the firm directly using previously known contact information.
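One way an accounts payable team could automate the first pass of such a payment-request process is sketched below. This is an added example, not code from Agari or the original article; the commitment ledger, fund name, domains, IBANs and the `triage` function are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample ledger: commitments the investor actually signed,
# with the sender domain and bank details recorded in the original agreement.
COMMITMENTS = {
    "Example Real Estate Fund II": {
        "sender_domain": "examplefund.example",
        "iban": "GB00EXMP00000000000001",   # constructed, not a real account
        "unfunded": 500_000,                # commitment not yet called
    },
}
# Assumption: a locally maintained list of public webmail domains.
# centrum.cz is the provider named in the article.
WEBMAIL_DOMAINS = {"centrum.cz", "gmail.com", "outlook.com"}

@dataclass
class CapitalCall:
    sender: str   # envelope/From address of the notice
    fund: str     # fund named in the attached notice
    iban: str     # beneficiary account requested
    amount: int   # amount requested

def triage(call: CapitalCall) -> list[str]:
    """Return the red flags that require holding the payment for a call-back."""
    reasons = []
    domain = call.sender.rsplit("@", 1)[-1].lower()
    if domain in WEBMAIL_DOMAINS:
        reasons.append("sender uses public webmail")
    record = COMMITMENTS.get(call.fund)
    if record is None:
        # The fictitious-investment case described in the article.
        reasons.append("no commitment on record for this fund")
        return reasons
    if domain != record["sender_domain"]:
        reasons.append("sender domain differs from fund's known domain")
    if call.iban.replace(" ", "").upper() != record["iban"]:
        reasons.append("bank details differ from original agreement")
    if call.amount > record["unfunded"]:
        reasons.append("amount exceeds unfunded commitment")
    return reasons

if __name__ == "__main__":
    fake = CapitalCall("accounts@centrum.cz", "Nonexistent Growth Fund",
                       "CZ0000000000000000000000", 809_000)
    print(triage(fake))
```

An empty result only means no automatic flag fired; the call-back to a previously known number still applies to every request.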

For more information about BEC scammers’ other methods to steal corporate money, you can read Agari’s report released today.

To read the original article: https://www.bleepingcomputer.com/news/security/bec-scammers-are-targeting-investors-for-massive-payouts/
 
