New Approach Against CEO- and Digital Invoice Fraud to Oppose Cyber Criminals
CEO- and digital invoice fraud, also known as BEC-Fraud, is a specific type of fraud which is not known by many people. However, this type of fraud is on the top three forms of cybercrime with the most financial damage. According to the FBI, the financial damage between 2016 and 2019 was 26 billion-dollar worldwide. BEC fraud also increasingly more often occurs in the Netherlands. To oppose these cybercriminals, The Dutch public prosecution service, the cybercrime team of the Hague police force, The Hague Security Delta, Fraudehelpdesk, knowledge institutions, businesses and banks have started a collaboration. The purpose of this collaboration has been to create new insights into the modus operandi of these criminals, so they can be stopped.
Business Email Compromise (BEC) is a collective name for criminal activities that aim to manipulate email traffic of organisations by making them transfer money to criminal bank accounts. CEO fraud and digital invoice fraud are part of this. A well-known case is that of Pathé Netherlands. This company lost nineteen million euros after they believed they were in contact with the French headquarters making them transfer millions for the acquisition of a company. However, not only large organisations become victim of this form of fraud, these criminals also focus on SMEs, associations and foundations.
‘’Through this unique collaboration with businesses, knowledge institutions and governments, led by the Dutch public prosecution service, HSD and the cybercrime team of the Hague police force, we get a better understanding of the cybercriminal’s business model’’, according to Koen Hermans, public prosecutor in The Hague. For example, on the money flows work and on how these criminals collaborate. Up to now, we have found several ways to oppose these cyber criminals; from raising awareness among businesses, improving software of i.a. payment packages, to a simple check during a money transfer regarding the corresponding name and bank account. To further strengthen the collaboration and organise these ‘barriers’ in practice, Sigrid Berk started in September as the project leader for this collaboration.
In the cybersecurity month, which takes place in October, BEC-fraud will be given extra attention. This month, both Fraudehelpdesk and the Chamber of Commerce will start awareness campaigns in order to warn businesses for BEC-fraud. Focus will be on how CEO and digital invoice fraud can be recognised, how victims can report this to the police and where they can register a failed attempt of fraud.
The BEC-Fraud programme has been initiated by the Dutch public prosecution service, The Hague Security Delta and the cybercrime team of the Hague police force, in closely collaboration with i.a. Fraudehelpdesk, ABN-AMRO, the Amsterdam University of Applied Sciences, Chamber of Commerce, TU Delft, Fox-IT, ING, Institute for Financial Crime (IFCC), the Dutch Banking Association, NHL Stenden, Northwave, Rabobank and the Vrije Universiteit Amsterdam.