Security News > 2021 > March > FBI warns of BEC attacks increasingly targeting US govt orgs
The Federal Bureau of Investigation is warning US private sector companies about an increase in business email compromise attacks targeting state, local, tribal, and territorial government entities.
"From 2018 through 2020, the FBI observed increases in business email compromise actors targeting state, local, tribal, and territorial government entities for financial gain due to vulnerability exploitation and transparency requirements," the FBI said.
Emails as part of 152 phishing assessment campaigns of SLTT orgs during 2020, DHS-CISA detected around 5,500 clicks on malicious links embedded in the phishing messages.
In December 2019, unidentified malicious actors gained unauthorized access and modified rules for the email account of the financial coordinator of an identified US territory's government agency.
Out of 791,790 complaints received by the Internet Crime Complaint Center, causing more than $4 billion in losses, 19,369 complaints were about BEC or email account compromise scams and generated $1.8 billion in losses.
In other alerts issued last year, the FBI warned of BEC scammers exploiting cloud email services such as Microsoft Office 365 and Google G Suite, and email auto-forwarding in their attacks.