Report says the international cricket body fell victim to a Business E-mail Compromise scam
A phishing scam has targeted the international cricket body and the ICC lost around $2.5 million in the cybercrime, according to a report by ESPNcricinfo.
The exact sum of the money wire transferred by the ICC has not been confirmed, but the report said that the alleged scam originated in the USA and happened in 2022.
The route used by fraudsters to commit the financial scam was Business E-mail Compromise (BEC), also known as e-mail account compromise, which the Federal Bureau of Investigation (FBI) describes as "one of the most financially damaging online crimes".
The ESPNcricinfo report said that the ICC is tight-lipped about the incident because it has reported the suspected fraud to law-enforcement agencies in the USA and an investigation is underway. It is learned that the ICC Board was updated about the incident last year.
The report was not sure about the route the fraudsters took to get the money transferred from the ICC account. It is also not confirmed whether the transaction was done in one single payment or there were multiple wire transfers.
What is a BEC scam?
A BEC scam is a form of phishing where companies and individuals are tricked and convinced into making wire transfers. The FBI, in a Congressional Report (submitted to the US government) last November, stated that its Internet Crime Control Center had received BEC-related claims worth more than $2.4 billion in 2021.
In the report, the FBI stated BEC scams usually involve: "spoofing of a legitimate, known e-mail address or the use of a nearly identical address to appear as someone known to or trusted by the victim. BEC scams are initiated when a victim receives false wire instruction from a criminal attempting to redirect legitimate payments to a bank account controlled by fraudsters."