
from | 2 years ago

There's something called "business email compromise" with annual losses about 10x that of ransomware. It relies on tricking companies into paying invoices to an attacker-controlled bank account instead of their actual vendors' bank account. Google lost over a hundred million dollars to some Latvian guy who was able to pull this off by pretending to be Quanta Computer. There's also just bank fraud in the Zeus style where they transfer $200000 out of your account to some company in China or Bulgaria.

These scams are all still incredibly profitable despite relying entirely on the regular financial system. There is no reason to think ransomware would stop in the absence of cryptocurrency given that extensive infrastructure has existed and currently exists to "cashout" proceeds of fraud. And in the ransomware case it's even easier because the victim is willingly making the payment, and the attacker can just not give the decryption key if the victim tries to stop the payment in any way.

And yes, this scales. If you ever looked at the promoted stories on Snapchat a few years ago, you may have seen a user with the name "The Billionaire Gucci Master" living a very opulent lifestyle. That was all paid for with business email compromise money.


kube-system|2 years ago

BEC is also not done with gift cards. Google definitely does not pay their invoices with gift cards.

from|2 years ago

Yes, I am aware. I just think people here overestimate the reversibility and traceability of the traditional system. If you're a business and you're defrauded/hacked and don't realize within a week (usually even less time), five will get you ten that money's never coming back. It went to a mule who withdrew it as cash or wired it overseas. And there's no Reg E for businesses so your bank isn't going to help either.