Updated on 2022-11-22: Ten BEC scammers charged
The US DOJ has charged ten suspects across the US for stealing more than $11.1 million from state Medicaid programs and private health insurers. Officials said the group used BEC schemes where they posed as business partners to divert money from their victims’ bank accounts into accounts operated by their money mules. The DOJ said that five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers fell victim and lost money to the group. Read more: 10 Charged in Business Email Compromise and Money Laundering Schemes Targeting Medicare, Medicaid, and Other Victims
Updated on 2022-11-21
The DOJ charged 10 individuals for their roles in BEC scams aimed at federally funded healthcare programs, including Medicaid and Medicare, along with a variety of other victims. Read more: 10 Suspects Charged for BEC Scams Targeting Federal Funding Programs
Overview: DOJ Announces Charges Against 10 Individuals for Alleged Involvement in Business Email Compromise Schemes
US authorities have charged 10 individuals in connection with business email compromise (BEC) schemes that targeted numerous organizations including federally funded US programs like Medicare and Medicaid. The losses total more than $11m.
- BEC is still a concern, with estimates of a 65% increase in identified global exposed losses between July 2019 and December 2021. The increased success is partly attributed to the pandemic, where increased telework removed some traditional mitigations, such as shouting or walking down the hall for support. The attackers still largely leverage phishing, social engineering, and hacking, in combination or separately. This means we need to stay vigilant and support our users in making good choices to avoid BEC, and make sure our training and support mechanisms remain viable in the current work environment. Conduct regular exercises and adjust where you can to make improvements.
- BEC schemes have been around for years. Cybersecurity best practices, such as email authentication using Domain-based Message Authentication, Reporting and Conformance (DMARC), ensure that only legitimate senders are using company-trusted domains to message customers and employees. Use the DOJ charging documents to frame the discussion between executive leadership and IT staff.