The FBI is warning that criminals are using business email compromise (BEC) tactics to target vendors in a variety of industries, including computer hardware vendors, to obtain their products without paying.
In an alert dated March 24, the law enforcement agency said criminals are impersonating email domains of legitimate U.S.-based companies to initiate bulk purchases from vendors across the country. Since the email domains are spoofed and the display names come from current or former employees, the emails appear to originate from familiar sources and the victimized vendors assume they’re fulfilling legitimate orders.
The fraudsters also apply, and are often granted, credit repayment terms by providing fake credit references and forms, which further delays discovery and allows the criminals to avoid upfront payment.
The vendors eventually discover the fraud when they attempt to collect payment, only to learn the order was fraudulent.
According to the FBI’s most recent data, BEC and email account compromise (EAC) scams increased 65% between July 2019 and December 2021 to over $43 billion in global losses.
BEC attacks fell to the No. 2 spot in the scams that are reported to the FBI’s Internet Crime Complaint Center (IC3) in 2022. Investment scams, especially those involving cryptocurrency investment fraud, claimed the top spot and accounted for $3.31 billion losses in 2022. Losses from BEC scams accounted for $2.7 billion.
In addition to computer hardware, the FBI said vendors selling construction materials, agricultural supplies and solar energy products have been targeted.
The FBI advises vendors to verify the source of the email by calling the business and ensure the email domain is indeed from the business.