BEC Fraudsters Expand to Snatch Real-World Goods in Commodities Twist

Published: 23/11/2024   Category: security




Business email compromise scams are moving beyond just stealing cash, with some threat actors fooling companies into sending goods and materials on credit, and then skipping out on payment.



Some cybercriminals are flipping their playbook on business email compromise (BEC) scams and, rather than posing as vendors seeking payment, are now posing as buyers, taking their profits in easily sold commodities.
By adopting the identity of a known company, criminal actors are able to order various goods in bulk, get beneficial terms of credit, and disappear before the manufacturer discovers the fraud, stated the FBI in a recent advisory on the trend. The scheme has become more common in specific sectors, with targets including construction materials, agricultural supplies, computer technology hardware, and solar-energy systems, according to the agency.
This form of fraud also allows attackers to escape the notice of financial institutions, which have become very skilled at tracking currency movement and clawing back funds, says Sourya Biswas, technical director of risk management and governance at NCC Group, a consultancy.
"BEC targeting commodities may have electronic records regarding the ordering, dispatch, and receipt of goods, but not for the last-mile piece where those goods are sold," he says. "Considering the types of commodities targeted — construction materials, computer hardware, etc. — these are typically easy to sell in pieces for cash to multiple buyers without triggering red flags."
This is not the first time that commodity theft has come to light. Last summer, BEC criminal groups targeted food manufacturers, stealing sugar and powdered milk by the truckload. In 2021, fraudsters used similar methods, posing as an electrical contracting company, to have 35 MacBooks worth almost $110,000 delivered to a business address, but switched the destination at the last minute.
In its advisory, the FBI noted that the tactics used by the criminal groups mimic those of more traditional BEC scams, with threat actors taking control of, or spoofing, legitimate domains of US companies, researching the proper employees to contact at a vendor, and then emailing requests to the vendor that appear to originate with the legitimate company.
However, commodities-fraud operations are harder to uncover than funds-focused BEC fraud. For instance, the criminal groups will often apply for Net-30 or Net-60 terms for payment by providing fake credit references and fraudulent tax forms to vendors, giving them lead time to fence the goods and disappear before suspicion might arise, the FBI stated in the advisory.
"Victimized vendors assume they are conducting legitimate business transactions fulfilling the purchase orders for distribution," the advisory stated. "The repayment terms allow criminal actors to initiate additional purchase orders without providing upfront payment."
Commodities scams are decades old, especially with easy-to-resell electronics, says Roger Grimes, data-driven defense evangelist at KnowBe4, a cybersecurity services firm.
"If you know a little industry vernacular and how supply chains work, it's easier to convince the victims of the scam," he says. "It's also harder to trace the resell of those goods once the fraudster has obtained possession of them. But it also isn't every fraudster's first choice of how to get paid, because it significantly cuts down on profit margin."
The difference now is the interest in the gambit by cybercriminals previously carrying out BEC scams focused on fraudulent money transfers. 
The transition to targeting commodities is being driven by necessity in some cases, because BEC fraud is squarely on organizations' radars these days. In its Internet Crime Report 2022, the FBI noted that its Recovery Asset Team (RAT) has recovered nearly three-quarters (73%) of all funds stolen by BEC groups since 2018. And financial institutions have become better at detecting fraud and cutting off funds more quickly, which has forced attackers to adapt, says Dmitry Bestuzhev, senior director of cyberthreat intelligence at BlackBerry.
"Financial institutions on both sides — sending or receiving funds — have been working to make it harder for the BEC operators," he says, adding that, for attackers, "by focusing on goods purchasing, it's an easier way to escape the monitoring algorithms ... so even if it's a two-step operation, it's still safer in terms of traceability and anti-fraud, prevention algorithms."
In addition, the simplicity of the scam has made the social-engineering aspects more effective. By asking for payment for goods, impersonating someone in authority, and using the language expected of business transactions, attackers are able to fool non-tech-savvy business people, says the NCC Group's Biswas.
Paying attention to advisories, such as the FBI's public service announcement, and building processes that can withstand social-engineering attacks is important, he says.
For instance, employees should be trained to spot obvious red flags. While compromising a legitimate company's email server provides a more convincing identity with which to conduct fraud, most criminal groups just use variants on the company name, such as changing a company.com domain to co-pany.com or company-usa.com.
"Cybercriminals are always evolving, and defenders should evolve as well," Biswas says. "Any organization that pays for vendor services or supplies goods and services — that pretty much includes everyone — should always be on the lookout for ... new cybercrime tactics, techniques, and procedures (TTPs)."
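The lookalike-domain red flag described above can also be checked automatically before a purchase order reaches credit review. The following Python sketch is an added example, not code from the FBI advisory or anyone quoted in the article; the allowlist, the function names, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
# Added example: flag senders whose domain imitates a verified customer domain.
KNOWN_CUSTOMERS = {"company.com"}  # constructed allowlist, not real data


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Return (label, tld); assumes a single-label TLD such as .com."""
    parts = domain.split(".")
    return (parts[-2], parts[-1]) if len(parts) > 1 else (parts[0], "")


def classify_sender(address, known=KNOWN_CUSTOMERS):
    """Return (verdict, imitated_domain) for an email address."""
    domain = address.rsplit("@", 1)[-1].strip(" .").lower()
    if any(domain == k or domain.endswith("." + k) for k in known):
        return "known", domain
    label, tld = split_domain(domain)
    for good in sorted(known):
        good_label, good_tld = split_domain(good)
        if label == good_label and tld != good_tld:
            return "lookalike:tld-swap", good       # company.co
        if good_label in label.split("-"):
            return "lookalike:added-word", good     # company-usa.com
        if 0 < edit_distance(label, good_label) <= 2:
            return "lookalike:typo", good           # co-pany.com
    return "unknown", ""


if __name__ == "__main__":
    # Constructed sender addresses for illustration.
    for sender in ("buyer@company.com", "buyer@co-pany.com",
                   "buyer@company-usa.com", "buyer@company.co",
                   "buyer@example.org"):
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a reason to confirm the order through a contact already on file for the real customer; a "known" verdict does not rule out a compromised mailbox at the legitimate company.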
