The Expert's View with Jeremy Kirk


The FBI's RAT: Blocking Fraudulent Wire Transfers

Bureau's Recovery Asset Team Targets Choke Points to Recover Lost Funds

The FBI's latest report into the state of internet crime confirms that fraud, e-hustles and social engineering attacks continue to proliferate.


The scale is still astounding: The FBI's Internet Crime Complaint Center, or IC3, accepts reports of fraud from around the world. In 2018, it received 900 complaints per day, totaling 351,936 complaints for the year.

The financial tally of those complaints amounted to more than $2.7 billion in losses last year. That's nearly double the $1.4 billion reported to the IC3 in 2017. But those losses are just tied to reports from those individuals who actually knew they could file a report, making the true cost of fraud and scams likely an even more mind-boggling figure.

The IC3's tally of internet crime losses from last year

Halting Wire Transfer Fraud

As much as it might seem like fighting internet crime is like pushing the tide with a broom, there is a bright spot in the gloom. In February 2018, the IC3 created what it terms the RAT, or Recovery Asset Team. Its goal is to contact financial institutions quickly to freeze suspicious pending wire transfers before they're final.

Much internet-enabled crime eventually intersects with banking systems. So while it may be difficult to prevent scams, there is a touch point where, with industrywide cooperation, stolen funds can be recovered. But time is tight, and swiftly contacting financial institutions is key to stopping stolen funds from being withdrawn.

IC3 reports that the bureau's RAT group - working with what's termed the Domestic Financial Fraud Kill Chain - handled 1,061 incidents between its launch and the end of last year, covering an 11-month period.

Those incidents caused losses of more than $257 million. Of that, the RAT achieved a laudable 75 percent recovery rate, or more than $192 million.

RAT Recovery: Success Stories

The IC3's report gives four examples where the RAT group successfully stopped fraudulent transfers. Two of those involved real estate transactions, but all four examples involved business email compromise scams.

Such scams involve fraudsters compromising email accounts and then patiently lurking, trying to spot opportunities to get into the middle of legitimate transactions. In 2018, IC3 reported that BEC fraud accounted for the highest losses of any fraud type, amounting to $1.2 billion and representing 20,373 complaints.

The IC3's 2018 report

BEC victims have often been easily duped because fraudulent requests for money typically arrive from a familiar account that has been seized by impostors. Attackers will often request to change account and routing numbers for an upcoming transaction, meaning victims literally end up sending fraudsters money. Then it's a race between the victims of the scam, who are trying to stop the transfer, and the fraudsters, who are trying to cash out.

In one example, the RAT team recovered $54,000 on behalf of a victim in Colorado, or nearly the full amount stolen. "The victim reported that they initiated a fraudulent wire transfer of $56,179.27 after receiving a spoofed email from a lending agent during a real estate transaction," according to the report. "The IC3 RAT, working in coordination with the Denver Field Office, contacted the victim's bank and worked with the fraud department to freeze the funds."

Sharp Rise in Extortion

Another standout statistic in the latest IC3 report is extortion attempts, which rose sharply over 2017.

There's often a seedy nature to extortion. The FBI says that victims have received emails threatening to release a pornographic video or other compromising information unless a ransom - usually asked for in a virtual currency such as bitcoin - is paid. But it can also involve threats to conduct distributed denial-of-service attacks.

The extortion complaint tally in 2018 numbered 51,146, which was a 242 percent increase over the previous year. Most of those complaints involved sextortion.

As difficult as it is to trace online extortionists, there have been arrests.

In one case, the FBI says it apprehended a man who was indicted as a result of an IC3 referral. A company based in the Los Angeles area received an extortion attempt that asked for a ransom to stop the release of customer information and to halt a distributed denial-of-service attack.

"The investigation revealed the email was affiliated with the Apophis Squad, a group that has been reported for bomb threats to schools, and DDoS extortion threats to companies," the report says.

Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina, was arrested on Feb. 12, according to the Justice Department. The indictment against him alleges that Vaughn bragged about targeting 2,000 schools in the U.S. and more than 400 in the U.K. with shooting and bomb threats.

Also indicted was George Duke-Cohan, 19, of Hertfordshire, U.K., who was already serving a sentence in the U.K. for a hoax that targeted an airline, the Justice Department said.

It's encouraging news that the RAT group and other law enforcement authorities are making progress in the fight against fraud. But clearly, authorities face a never-ending battle against fraudsters, whose methods continually evolve.

About the Author

Jeremy Kirk


Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
