The International Cricket Council(ICC) had reportedly been hit by a phishing attack that originated from the US in 2022. According to Espncricinfo, the ICC phishing attack involves the wire transfer of a sizeable sum of $2.5 million; however, the amount has not been confirmed yet.
ICC Phishing Attack: Fraudsters Use Business E-mail Compromise Rout to Launch the Attack
As per reports from International media, the threat actors used Business E-mail Compromise (BEC) route, also known as e-mail account compromise, to launch the cyber attack. The Federal Bureau of Investigation (FBI) describes BEC as “one of the most financially damaging online crimes.” It is a form of phishing attack where companies and individuals are tricked and convinced into making wire transfers.
The reports state that it is also not confirmed whether the transaction was done in one payment or there were multiple wire transfers. “It is not yet known what route exactly the fraudsters took to get the money transferred from the ICC account – whether they had got in touch directly with someone at the head office in Dubai, or had targeted an ICC vendor or consultant,” reads the report.
ICC Reportedly Launched an Investigation
The cricketing body has reported to the US authorities regarding the phishing attack, and an investigation is underway. But, as mentioned earlier, the ICC also does not confirm the investigation reports. According to the FBI, “The BEC scams has progressed from spoofed e-mails purportedly from chief executive officers requesting wire payments to fraudulent locations, to impersonation of vendor e-mails; spoofed lawyer e-mail accounts; diversion of payroll funds; the targeting of the real estate sector; and fraudulent requests for large amounts of gift cards.”