The International Cricket Council (ICC) has become a victim of a cybercrime involving a substantial sum of money – about US$2.5 million – being wire transferred.
While the exact sum involved has not been confirmed, ESPNcricinfo has learned that the alleged scam originated in the USA and happened in 2022.
The route used by fraudsters to commit the financial scam was Business E-mail Compromise (BEC), also known as e-mail account compromise, which the Federal Bureau of Investigation (FBI) describes as “one of the most financially damaging online crimes”.
The ICC is tight-lipped about the incident because it has reported the suspected fraud to law-enforcement agencies in the USA and an investigation is underway. It is learned that the ICC Board was updated about the incident last year.
It is not yet known what route exactly the fraudsters took to get the money transferred from the ICC account – whether they had got in touch directly with someone at the head office in Dubai, or had targeted an ICC vendor or consultant. It is also not confirmed whether the transaction was done in one single payment or there were multiple wire transfers.
What is a BEC scam?
A BEC scam is a form of phishing where companies and individuals are tricked and convinced into making wire transfers. The FBI, in a Congressional Report (submitted to the US government) last November, stated that its Internet Crime Control Center had received BEC-related claims worth more than $2.4 billion in 2021.
In the report, the FBI stated BEC scams usually involve: “spoofing of a legitimate, known e-mail address or the use of the a nearly identical address to appear as someone known to or trusted by the victim.
BEC scams are initiated when a victim receives false wire instruction from a criminal attempting to redirect legitimate payments to a bank account controlled by fraudsters.”
The BEC scam, the FBI report said, is evolving fast as the criminals become more “sophisticated”. “The scam has progressed from spoofed e-mails purportedly from chief executive officers requesting wire payments to fraudulent locations, to impersonation of vendor e-mails; spoofed lawyer e-mail accounts; diversion of payroll funds; the targeting of the real estate sector; and fraudulent requests for large amounts of gift cards.” (ESPNcricinfo)
